Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1570666
MD5:4316066b2799fa412066927b9445bd7b
SHA1:e23dbc2ec82b159a02b109e51b477cd5420c6fbb
SHA256:1ddc494a80d164d4a39965ac4fa82bb7c08c864146de236d1129b533f38a5ed4
Tags:exeuser-Bitsight
Infos:

Detection

Credential Flusher
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7336 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4316066B2799FA412066927B9445BD7B)
    • taskkill.exe (PID: 7400 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7552 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7616 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7680 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7736 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7792 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7824 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7840 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8080 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e722203-f77e-46e0-8f33-d05e42b18ecf} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 24099e6ef10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7672 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -parentBuildID 20230927232528 -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6623779-2eb6-41f5-bad4-cfc391a50ded} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240ac060e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1876 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5332 -prefMapHandle 5268 -prefsLen 32882 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd93cf5d-9dc2-4315-b709-e3bf0226dc8b} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240b1df9d10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: file.exe PID: 7336JoeSecurity_CredentialFlusherYara detected Credential FlusherJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.1% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49743 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49773 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49775 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.7:49787 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.7:49786 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49797 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49806 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49815 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49822 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49821 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49824 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49825 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.7:49827 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49837 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49838 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49841 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49842 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49848 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49850 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49851 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49852 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49853 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49860 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.7:49862 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49861 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49873 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49872 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49874 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49876 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49875 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49877 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49891 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49892 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49893 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49901 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49902 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49910 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49918 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49919 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49931 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49932 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49938 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49941 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49948 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49949 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49956 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49963 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49970 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49971 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49978 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49983 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49987 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49988 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49993 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49998 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50005 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50003 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50008 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50012 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50019 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50024 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50028 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50026 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50033 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50039 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50044 version: TLS 1.2
    Source: Binary string: z:\task_168263428371319\workspace\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000F.00000003.1463868520.00000240A9762000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_168263428371319\workspace\openh264\gmpopenh264.pdbW source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000F.00000003.1463868520.00000240A9762000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00F9DBBE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6C2A2 FindFirstFileExW,0_2_00F6C2A2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA68EE FindFirstFileW,FindClose,0_2_00FA68EE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00FA698F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F9D076
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F9D3A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FA9642
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FA979D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00FA9B2B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00FA5C97
    Source: firefox.exeMemory has grown: Private usage: 1MB later: 225MB
    Source: unknownNetwork traffic detected: DNS query count 39
    Source: Joe Sandbox ViewIP Address: 34.117.121.53 34.117.121.53
    Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox ViewIP Address: 18.66.161.4 18.66.161.4
    Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FACE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00FACE44
    Source: global trafficHTTP traffic detected: GET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml?force=1 HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: CPTon1ExrULZWiFcmAW6pw==Connection: keep-alive, UpgradeSec-Fetch-Dest: emptySec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
    Source: global trafficHTTP traffic detected: GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1Host: youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-aliveIf-Modified-Since: Fri, 25 Mar 2022 17:45:46 GMTIf-None-Match: "1648230346554"
    Source: global trafficHTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1
    Source: global trafficHTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: ob9Trf5z9SVZVp9ssS6v6w==Connection: keep-alive, UpgradeSec-Fetch-Dest: emptySec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
    Source: global trafficHTTP traffic detected: GET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/monitor/collections/changes/changeset?collection=whats-new-panel&bucket=main&_expected=0 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/whats-new-panel/changeset?_expected=1617030573137 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/monitor/collections/changes/changeset?_expected=0 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/1.1Host: location.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /api/v1/ HTTP/1.1Host: normandy.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cwikipedia%40search.mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org&lang=en-US HTTP/1.1Host: services.addons.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,*/*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://accounts.google.com/Connection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: same-site
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: qCMt+/uUnBHhiBkxchyA4Q==Connection: keep-alive, UpgradeSec-Fetch-Dest: emptySec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
    Source: global trafficHTTP traffic detected: GET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1731615130278&_since=%221692730580117%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /api/v1/classify_client/ HTTP/1.1Host: classify-client.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /chains/202402/aus.content-signature.mozilla.org-2025-01-22-11-21-23.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/monitor/collections/changes/changeset?collection=normandy-recipes-capabilities&bucket=main&_expected=0 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1732624571832&_since=%221694457382323%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /chains/202402/aus.content-signature.mozilla.org-2025-01-22-11-21-23.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1733529664610 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /staging/addons-bloomfilters/47758106-fb81-4eaa-86a8-f7f7d77cd192.bin HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /chains/202402/normandy.content-signature.mozilla.org-2025-01-01-20-48-28.chain?cachebust=2017-06-13-21-06 HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /chains/202402/normandy.content-signature.mozilla.org-2025-01-22-11-21-21.chain?cachebust=2017-06-13-21-06 HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/top-sites/changeset?_expected=1723136665642&_since=%221647020600359%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: cYyc88Q6gf/OTueMSZBSWQ==Connection: keep-alive, UpgradeSec-Fetch-Dest: emptySec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/translations-models/changeset?_expected=1728419357989&_since=%221692284142841%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1732897509042&_since=%221694439985514%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1733519120578&_since=%221696457593430%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/cfr/changeset?_expected=1733413822366&_since=%221689971565076%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/message-groups/changeset?_expected=1718898145959&_since=%221670425599656%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1720004688246&_since=%221606870304609%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/search-default-override-allowlist/changeset?_expected=1721063513248&_since=%221595254618540%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/cookie-banner-rules-list/changeset?_expected=1725526980846&_since=%221690359097318%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1731362767688&_since=%221659924446436%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1731429440245&_since=%221694014137037%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/password-rules/changeset?_expected=1731438148174&_since=%221679600032742%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/translations-wasm/changeset?_expected=1733343786142&_since=%221681500422552%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/sites-classification?_expected=1544035467383 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/devtools-devices?_expected=1653469171354 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: push.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brSec-WebSocket-Version: 13Origin: wss://push.services.mozilla.com/Sec-WebSocket-Protocol: push-notificationSec-WebSocket-Extensions: permessage-deflateSec-WebSocket-Key: Kjb8+3nyJX+drhwrloJVYQ==Connection: keep-alive, UpgradeSec-Fetch-Dest: emptySec-Fetch-Mode: websocketSec-Fetch-Site: cross-sitePragma: no-cacheCache-Control: no-cacheUpgrade: websocket
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/language-dictionaries?_expected=1673270322227 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/password-recipes?_expected=1674595048726 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/translations-identification-models?_expected=1681500405555 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185&_since=%221693416467312%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveIf-Modified-Since: Thu, 28 Nov 2024 13:03:18 GMTIf-None-Match: "e90b4b26f40b4131c1239c8340204be3"
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: places.sqlite.15.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AcMMx-eKz90hFUHtfvRIhOx3nLRAYtuyQTpDdMcCQTkOVqx-7_NZsTKsQbeMITvxr16-WEr_EUru6gmoc.elgoog.stnuocca. equals www.youtube.com (Youtube)
    Source: places.sqlite.15.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=enmoc.elgoog.stnuocca. equals www.youtube.com (Youtube)
    Source: places.sqlite-wal.15.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en&ifkv=AcMMx-cpJ04ug4EML0ugqxi6bI10BarTEeJPhjwXToGG0BQgA6LDyUEeAS_qVWZ4i_rLI8kqdIF-dw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-402626248%3A1733584781465472&ddm=1YouTubemoc.elgoog.stnuocca. equals www.youtube.com (Youtube)
    Source: places.sqlite.15.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en&ifkv=AcMMx-cpJ04ug4EML0ugqxi6bI10BarTEeJPhjwXToGG0BQgA6LDyUEeAS_qVWZ4i_rLI8kqdIF-dw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-402626248%3A1733584781465472&ddm=1moc.elgoog.stnuocca. equals www.youtube.com (Youtube)
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.youtube.com$ equals www.youtube.com (Youtube)
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwdmoc.ebutuoy.www. equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1518400844.00000240A8487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510265535.00003AB5E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1510265535.00003AB5E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1404478716.00000240AAF75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1506898386.00000240A9921000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510265535.00003AB5E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1510265535.00003AB5E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1510265535.00003AB5E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 1*://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1510265535.00003AB5E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 1*://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1514074992.00000240B5E8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1494750822.00000240B5E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/0 equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1514074992.00000240B5E8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1513942440.00000240B5EC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1494750822.00000240B5E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000013.00000002.2554679498.000001A16730A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000002.2554679498.000001A16730A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000013.00000002.2554679498.000001A16730A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/@=)6J equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/@=)6J equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/@=)6J equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1506898386.00000240A9921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://2a8a4ba3-32a0-495a-bbc2-63871e7b7005/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1514074992.00000240B5E8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1513942440.00000240B5EC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
    Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
    Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: example.org
    Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
    Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: mitmdetection.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: o.pki.goog
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: pki-goog.l.google.com
    Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
    Source: global trafficDNS traffic detected: DNS query: www.reddit.com
    Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global trafficDNS traffic detected: DNS query: firefox-settings-attachments.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: attachments.prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: classify-client.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod-classifyclient.normandy.prod.cloudops.mozgcp.net
    Source: unknownHTTP traffic detected: POST /spocs HTTP/1.1Host: spocs.getpocket.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brcontent-type: application/jsonContent-Length: 197Connection: keep-alive
    Source: firefox.exe, 0000000F.00000003.1500332307.00000240B1DF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://c.pki.goog/r/r1.crl0
    Source: firefox.exe, 0000000F.00000003.1456602989.00000240B634D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1459724507.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1464146013.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462066145.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1460911731.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1458496555.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462723789.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1458496555.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: firefox.exe, 0000000F.00000003.1515485511.00000240B3750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1459724507.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1464146013.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462066145.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1460911731.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1458496555.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462723789.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000F.00000003.1456602989.00000240B634D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000F.00000003.1456602989.00000240B634D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD55A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000F.00000003.1499333541.00000240B21A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://i.pki.goog/r1.crt0
    Source: firefox.exe, 0000000F.00000003.1467521099.00000240B429F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000F.00000003.1482767661.00000240ABA53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510564518.000016091B303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510465127.000006598B703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1511437573.00000240ABA53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 0000000F.00000003.1510564518.000016091B303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510465127.000006598B703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/0
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1477488437.00000240B2021000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1488589374.00000240AA0B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491277831.00000240AA0C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1396120809.00000240AD05E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1362041530.00000240AA0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1405147737.00000240AAED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421347309.00000240AA0CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1361812012.00000240AA0FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1503292540.00000240AD05F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1514651877.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1513052522.00000240AB16E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1488589374.00000240AA0F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1516185500.00000240B2EF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1401091526.00000240AACEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1415694753.00000240AADE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1406870729.00000240AAED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1396120809.00000240AD033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1461116008.00000240AA0B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1480154895.00000240AAEA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1487815908.00000240AADC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000F.00000003.1510564518.000016091B303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510465127.000006598B703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://ocsp.digicert.com0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1459724507.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1464146013.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462066145.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1460911731.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1458496555.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1456602989.00000240B634D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462723789.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1458496555.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://ocsp.digicert.com0X
    Source: firefox.exe, 0000000F.00000003.1515485511.00000240B3750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr10)
    Source: cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
    Source: firefox.exe, 0000000F.00000003.1515485511.00000240B3750000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/gsr1
    Source: firefox.exe, 0000000F.00000003.1501027801.00000240B1B8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1396120809.00000240AD044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000F.00000003.1501027801.00000240B1B8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1396120809.00000240AD044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: http://www.digicert.com/CPS0
    Source: active-update.xml.tmp.15.drString found in binary or memory: http://www.mozilla.org/2005/app-update
    Source: firefox.exe, 0000000F.00000003.1400745281.00000240AC3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1504167221.00000240AC1CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000F.00000003.1504167221.00000240AC1CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulU
    Source: firefox.exe, 00000013.00000003.1386890345.000001A167F3C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1388928311.000001A167F3C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2560529140.000001A167F3C000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.15.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000F.00000003.1501027801.00000240B1B8C000.00000004.00000800.00020000.00000000.sdmp, cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000F.00000003.1501027801.00000240B1B8C000.00000004.00000800.00020000.00000000.sdmp, cert9.db.15.dr, cert9.db-journal.15.drString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://youtube.com/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000F.00000003.1355949531.00000240A847F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000F.00000003.1401091526.00000240AAC87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000F.00000003.1496041774.00000240B5B97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: places.sqlite.15.drString found in binary or memory: https://accounts.google.com
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_s
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2
    Source: favicons.sqlite-wal.15.drString found in binary or memory: https://accounts.google.com/favicon.ico
    Source: firefox.exe, 0000000F.00000003.1515485511.00000240B372A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1414924652.00000240AB3A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1496800215.00000240B3A18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1492347499.00000240AB223000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1456663321.00000240AB39C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1500451774.00000240B1DC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1460031443.00000240AB3B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000F.00000003.1500451774.00000240B1DC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdp
    Source: recovery.jsonlz4.tmp.15.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=:
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fa
    Source: permissions.sqlite.15.drString found in binary or memory: https://accounts.google.comstorageAccessAPI
    Source: firefox.exe, 0000000F.00000003.1496257401.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000F.00000003.1515904075.00000240B3065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498425125.00000240B3065000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000F.00000003.1404478716.00000240AAF75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com/
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.comZ
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000F.00000003.1496549820.00000240B3ABC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000F.00000003.1500013910.00000240B212E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1391028393.00000240B2141000.00000004.00000800.00020000.00000000.sdmp, active-update.xml.tmp.15.drString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000011.00000002.2554832939.00000282CF5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A1673E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2559097294.000001AEF4C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
    Source: firefox.exe, 00000011.00000002.2554832939.00000282CF5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A1673E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2559097294.000001AEF4C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B30FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
    Source: firefox.exe, 0000000F.00000003.1430875396.00000240AB20E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1427391384.00000240AB20D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000F.00000003.1430875396.00000240AB20E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1427391384.00000240AB20D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000F.00000003.1421347309.00000240AA087000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000F.00000003.1421347309.00000240AA087000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000F.00000003.1430875396.00000240AB20E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1427391384.00000240AB20D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000F.00000003.1430875396.00000240AB20E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421347309.00000240AA087000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1427391384.00000240AB20D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000F.00000003.1513052522.00000240AB16E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000F.00000003.1427391384.00000240AB20D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1430258613.00000240AB21C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000F.00000003.1421347309.00000240AA087000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421347309.00000240AA07F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1430258613.00000240AB21C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000F.00000003.1426692135.00000240AB22C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=815437
    Source: firefox.exe, 0000000F.00000003.1421347309.00000240AA087000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000F.00000003.1504167221.00000240AC1F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355949531.00000240A847F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000011.00000002.2554832939.00000282CF5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A1673E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2559097294.000001AEF4C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
    Source: firefox.exe, 00000011.00000002.2554832939.00000282CF5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A1673E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2559097294.000001AEF4C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1386433510.00000240B2066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 0000000F.00000003.1515485511.00000240B3757000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498054286.00000240B3757000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/youtube_main
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000F.00000003.1518400844.00000240A8487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515904075.00000240B3065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498425125.00000240B3065000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000F.00000003.1405147737.00000240AAED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1386433510.00000240B2066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: active-update.xml.tmp.15.drString found in binary or memory: https://download.mozilla.org/?product=firefox-127.0-complete&amp;os=win64&amp;lang=en-US
    Source: firefox.exe, 0000000F.00000003.1499333541.00000240B21BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462615032.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355949531.00000240A847F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1489460010.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1410521650.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1409656044.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1429737693.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1408373914.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?Z
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000F.00000003.1387768762.00000240B20D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1387269927.00000240B20B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A167312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000F.00000003.1402222050.00000240B2339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1403060073.00000240B2396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 0000000F.00000003.1402222050.00000240B2339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1403060073.00000240B2396000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1402539897.00000240B234B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000F.00000003.1500013910.00000240B211E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000003.1496041774.00000240B5B97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1495126435.00000240B5DED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000F.00000003.1496257401.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A167312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A16732F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1386433510.00000240B2066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2021000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2021000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: prefs-1.js.15.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
    Source: firefox.exe, 0000000F.00000003.1503292540.00000240AD0B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4AF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/06d175bf-ef85-4100-85f9-be4f4
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000F.00000003.1499333541.00000240B21A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1390510500.00000240B21A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 0000000F.00000003.1401690502.00000240AA2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000F.00000003.1401091526.00000240AAC87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000F.00000003.1401091526.00000240AAC87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000F.00000003.1518400844.00000240A8487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515904075.00000240B3065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498425125.00000240B3065000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4A8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 0000000F.00000003.1499131196.00000240B2EF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com
    Source: firefox.exe, 0000000F.00000003.1499131196.00000240B2EF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000003.1496257401.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000F.00000003.1521160854.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1517529725.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1523684141.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1519502870.00000240A9751000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1458496555.00000240A974C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: https://mozilla.org0/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s4
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000F.00000003.1494450573.00000240B5EF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1514074992.00000240B5EB3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000F.00000003.1500332307.00000240B1DF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000F.00000003.1500332307.00000240B1DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000F.00000003.1499185002.00000240B2EED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1516185500.00000240B2EED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000F.00000003.1500332307.00000240B1DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000F.00000003.1500332307.00000240B1DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000F.00000003.1496257401.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000F.00000003.1405147737.00000240AAED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000F.00000003.1496549820.00000240B3ABC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 0000000F.00000003.1514651877.00000240B3AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000F.00000003.1496800215.00000240B3A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 0000000F.00000003.1496800215.00000240B3A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000F.00000003.1496800215.00000240B3A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000F.00000003.1500332307.00000240B1DDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A167312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000F.00000003.1494671937.00000240B5EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A167386000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4AF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4AF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/usero
    Source: firefox.exe, 0000000F.00000003.1404478716.00000240AAF75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000F.00000003.1404478716.00000240AAF75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: places.sqlite.15.drString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000F.00000003.1496257401.00000240B3AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000F.00000003.1403060073.00000240B2396000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000F.00000003.1499333541.00000240B21BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: places.sqlite.15.dr, favicons.sqlite-wal.15.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000F.00000003.1469222645.00000240AA9E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: favicons.sqlite-wal.15.drString found in binary or memory: https://support.mozilla.org/products/firefox
    Source: places.sqlite.15.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000F.00000003.1496257401.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1386433510.00000240B2066000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000011.00000002.2554832939.00000282CF5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A1673E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2559097294.000001AEF4C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/Z
    Source: firefox.exe, 0000000F.00000003.1504167221.00000240AC1E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1408047835.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1407858523.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462615032.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355949531.00000240A847F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1489460010.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1410521650.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1409656044.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1429737693.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1408373914.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 0000000F.00000003.1456602989.00000240B634D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.15.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000F.00000003.1499549320.00000240B216A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000F.00000003.1390903081.00000240B217E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000F.00000003.1390953702.00000240B216D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000F.00000003.1390903081.00000240B217E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1409656044.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1429737693.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1408373914.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000F.00000003.1494750822.00000240B5E2F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 00000011.00000002.2554832939.00000282CF5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A1673E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2559097294.000001AEF4C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: places.sqlite.15.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000F.00000003.1496257401.00000240B3AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: favicons.sqlite-wal.15.drString found in binary or memory: https://www.mozilla.org/about/
    Source: places.sqlite.15.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
    Source: firefox.exe, 0000000F.00000003.1402222050.00000240B2339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1403060073.00000240B2396000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1402539897.00000240B234B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: favicons.sqlite-wal.15.drString found in binary or memory: https://www.mozilla.org/contribute/
    Source: places.sqlite.15.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
    Source: active-update.xml.tmp.15.drString found in binary or memory: https://www.mozilla.org/en-US/firefox/127.0/releasenotes/
    Source: firefox.exe, 0000000F.00000003.1499333541.00000240B21A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.15.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Z
    Source: firefox.exe, 0000000F.00000003.1495872396.00000240B5BE1000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
    Source: active-update.xml.tmp.15.drString found in binary or memory: https://www.mozilla.org/firefox/127.0/whatsnew/?oldversion=%OLD_VERSION%&amp;utm_medium=firefox-desk
    Source: places.sqlite.15.dr, favicons.sqlite-wal.15.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4AF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000F.00000003.1495872396.00000240B5BE1000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000F.00000003.1401091526.00000240AAC87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD599000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
    Source: firefox.exe, 0000000F.00000003.1510265535.00003AB5E1003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.youtube.com
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.youtube.com$
    Source: firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwdmo
    Source: firefox.exe, 0000000F.00000003.1502567120.00000240AD599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: places.sqlite.15.drString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000F.00000003.1400745281.00000240AC3B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498054286.00000240B372A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515485511.00000240B372A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: firefox.exe, 00000013.00000002.2553734977.000001A1672D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=ht
    Source: firefox.exe, 00000014.00000002.2553512208.000001AEF48F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=ht#7
    Source: firefox.exe, 0000000F.00000003.1391816374.00000240AC7AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1460513667.00000240B3B98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1396120809.00000240AD03C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2552570660.00000282CF12A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554344340.00000282CF4B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2552570660.00000282CF120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2553734977.000001A1672D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2551976464.000001A166F80000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2551976464.000001A166F8A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2553512208.000001AEF48F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2552442453.000001AEF47DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000D.00000002.1337635708.000001C43CE7F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000002.1349601065.0000022ADEF47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000014.00000002.2552442453.000001AEF47DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd/
    Source: firefox.exe, 00000014.00000002.2552442453.000001AEF47D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd;
    Source: firefox.exe, 00000011.00000002.2554344340.00000282CF4B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2552570660.00000282CF120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2553734977.000001A1672D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2551976464.000001A166F80000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2553512208.000001AEF48F4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2552442453.000001AEF47D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: places.sqlite-wal.15.dr, places.sqlite.15.drString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdmoc.ebutuoy.
    Source: permissions.sqlite.15.drString found in binary or memory: https://youtube.comhighValueCOOP
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
    Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
    Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
    Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
    Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
    Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
    Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
    Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
    Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
    Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
    Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
    Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
    Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
    Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
    Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
    Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
    Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49743 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49773 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49775 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.7:49787 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.7:49786 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49797 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49806 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49815 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49822 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49821 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49824 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49825 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.7:49827 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49837 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49838 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49841 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49842 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49848 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49850 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49851 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49852 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49853 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49860 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.7:49862 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49861 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49873 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49872 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49874 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49876 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49875 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49877 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49891 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49892 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49893 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49901 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49902 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49910 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49918 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49919 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49931 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49932 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49938 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49941 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49948 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49949 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49956 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49963 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49970 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49971 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49978 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49983 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49987 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49988 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49993 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49998 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50005 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50003 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50008 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50012 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50019 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50024 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50028 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50026 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50033 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:50039 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:50044 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00FAEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00FAED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00FAEAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00F9AA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00FC9576

    System Summary

    barindex
    Binary is likely a compiled AutoIt script file
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000000.1296955837.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_7fb00422-a
    Source: file.exe, 00000000.00000000.1296955837.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_f549bbf2-2
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_32164717-2
    Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_19821309-3
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A1672F40B7 NtQuerySystemInformation,19_2_000001A1672F40B7
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A167975AF2 NtQuerySystemInformation,19_2_000001A167975AF2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00F9D5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F91201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00F91201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00F9E8F6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F380600_2_00F38060
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA20460_2_00FA2046
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F982980_2_00F98298
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6E4FF0_2_00F6E4FF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6676B0_2_00F6676B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC48730_2_00FC4873
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F3CAF00_2_00F3CAF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F5CAA00_2_00F5CAA0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F4CC390_2_00F4CC39
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F66DD90_2_00F66DD9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F391C00_2_00F391C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F4B1190_2_00F4B119
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F513940_2_00F51394
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F517060_2_00F51706
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F5781B0_2_00F5781B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F519B00_2_00F519B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F4997D0_2_00F4997D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F379200_2_00F37920
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F57A4A0_2_00F57A4A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F57CA70_2_00F57CA7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F51C770_2_00F51C77
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F69EEE0_2_00F69EEE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBBE440_2_00FBBE44
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F51F320_2_00F51F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A1672F40B719_2_000001A1672F40B7
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A167975AF219_2_000001A167975AF2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A167975B3219_2_000001A167975B32
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A16797621C19_2_000001A16797621C
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F50A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F4F9F2 appears 40 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F39CB3 appears 31 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal72.troj.evad.winEXE@35/47@127/17
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA37B5 GetLastError,FormatMessageW,0_2_00FA37B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F910BF AdjustTokenPrivileges,CloseHandle,0_2_00F910BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F916C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00F916C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00FA51CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00F9D4DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00FA648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F342A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00F342A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246Jump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user~1\AppData\Local\Temp\firefoxJump to behavior
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e722203-f77e-46e0-8f33-d05e42b18ecf} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 24099e6ef10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -parentBuildID 20230927232528 -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6623779-2eb6-41f5-bad4-cfc391a50ded} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240ac060e10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5332 -prefMapHandle 5268 -prefsLen 32882 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd93cf5d-9dc2-4315-b709-e3bf0226dc8b} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240b1df9d10 utility
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e722203-f77e-46e0-8f33-d05e42b18ecf} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 24099e6ef10 socketJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -parentBuildID 20230927232528 -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6623779-2eb6-41f5-bad4-cfc391a50ded} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240ac060e10 rddJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5332 -prefMapHandle 5268 -prefsLen 32882 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd93cf5d-9dc2-4315-b709-e3bf0226dc8b} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240b1df9d10 utilityJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_168263428371319\workspace\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000F.00000003.1463868520.00000240A9762000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_168263428371319\workspace\openh264\gmpopenh264.pdbW source: gmpopenh264.dll.tmp.15.dr
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000F.00000003.1463868520.00000240A9762000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F342DE
    Source: gmpopenh264.dll.tmp.15.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F50A76 push ecx; ret 0_2_00F50A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmpJump to dropped file
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)Jump to dropped file
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F4F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00F4F98E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00FC1C41
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Found API chain indicative of sandbox detection
    Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-97725
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A1672F40B7 rdtsc 19_2_000001A1672F40B7
    Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00F9DBBE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6C2A2 FindFirstFileExW,0_2_00F6C2A2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA68EE FindFirstFileW,FindClose,0_2_00FA68EE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00FA698F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F9D076
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00F9D3A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FA9642
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00FA979D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00FA9B2B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00FA5C97
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F342DE
    Source: firefox.exe, 00000013.00000002.2558982213.000001A167860000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
    Source: firefox.exe, 00000013.00000002.2558982213.000001A167860000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6
    Source: firefox.exe, 00000011.00000002.2560482712.00000282CFA40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/
    Source: firefox.exe, 00000013.00000002.2558982213.000001A167860000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
    Source: firefox.exe, 00000011.00000002.2552570660.00000282CF12A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWWORK_NAME_k
    Source: file.exe, 00000000.00000003.1384277619.00000000010F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1386130498.0000000001136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1384513464.00000000010FD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2552570660.00000282CF12A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2558982213.000001A167860000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2551976464.000001A166F8A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2558900440.000001AEF4B00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2552442453.000001AEF47DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000011.00000002.2559550975.00000282CF61F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000011.00000002.2552570660.00000282CF12A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2558982213.000001A167860000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_000001A1672F40B7 rdtsc 19_2_000001A1672F40B7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAEAA2 BlockInput,0_2_00FAEAA2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F62622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F62622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F342DE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F54CE8 mov eax, dword ptr fs:[00000030h]0_2_00F54CE8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F90B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00F90B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F62622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F62622
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F5083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F5083F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F509D5 SetUnhandledExceptionFilter,0_2_00F509D5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F50C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00F50C21
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F91201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00F91201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F72BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00F72BA5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9B226 SendInput,keybd_event,0_2_00F9B226
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00FB22DA
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F90B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00F90B62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F91663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00F91663
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F50698 cpuid 0_2_00F50698
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8D21C GetLocalTime,0_2_00F8D21C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8D27A GetUserNameW,0_2_00F8D27A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00F6B952
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F342DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00F342DE

    Stealing of Sensitive Information

    barindex
    Yara detected Credential Flusher
    Source: Yara matchFile source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR
    Source: file.exeBinary or memory string: WIN_81
    Source: file.exeBinary or memory string: WIN_XP
    Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exeBinary or memory string: WIN_XPe
    Source: file.exeBinary or memory string: WIN_VISTA
    Source: file.exeBinary or memory string: WIN_7
    Source: file.exeBinary or memory string: WIN_8

    Remote Access Functionality

    barindex
    Yara detected Credential Flusher
    Source: Yara matchFile source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00FB1204
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00FB1806

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure2
    Valid Accounts    		1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		1
    Exploitation for Privilege Escalation    		2
    Disable or Modify Tools    		21
    Input Capture    		2
    System Time Discovery    		Remote Services1
    Archive Collected Data    		2
    Ingress Tool Transfer    		Exfiltration Over Other Network Medium1
    System Shutdown/Reboot
    CredentialsDomainsDefault Accounts1
    Native API    		2
    Valid Accounts    		1
    DLL Side-Loading    		1
    Deobfuscate/Decode Files or Information    		LSASS Memory1
    Account Discovery    		Remote Desktop Protocol21
    Input Capture    		11
    Encrypted Channel    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
    Extra Window Memory Injection    		2
    Obfuscated Files or Information    		Security Account Manager2
    File and Directory Discovery    		SMB/Windows Admin Shares3
    Clipboard Data    		3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook2
    Valid Accounts    		1
    DLL Side-Loading    		NTDS16
    System Information Discovery    		Distributed Component Object ModelInput Capture4
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script21
    Access Token Manipulation    		1
    Extra Window Memory Injection    		LSA Secrets131
    Security Software Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts2
    Process Injection    		1
    Masquerading    		Cached Domain Credentials1
    Virtualization/Sandbox Evasion    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
    Valid Accounts    		DCSync3
    Process Discovery    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    Virtualization/Sandbox Evasion    		Proc Filesystem1
    Application Window Discovery    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
    Access Token Manipulation    		/etc/passwd and /etc/shadow1
    System Owner/User Discovery    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron2
    Process Injection    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1570666 Sample: file.exe Startdate: 07/12/2024 Architecture: WINDOWS Score: 72 45 youtube.com 2->45 47 youtube-ui.l.google.com 2->47 49 42 other IPs or domains 2->49 57 Antivirus / Scanner detection for submitted sample 2->57 59 Yara detected Credential Flusher 2->59 61 Binary is likely a compiled AutoIt script file 2->61 63 2 other signatures 2->63 8 file.exe 2->8         started        11 firefox.exe 1 2->11         started        signatures3 process4 signatures5 65 Binary is likely a compiled AutoIt script file 8->65 67 Found API chain indicative of sandbox detection 8->67 13 taskkill.exe 1 8->13         started        15 taskkill.exe 1 8->15         started        17 taskkill.exe 1 8->17         started        23 3 other processes 8->23 19 firefox.exe 3 354 11->19         started        process6 dnsIp7 25 conhost.exe 13->25         started        27 conhost.exe 15->27         started        29 conhost.exe 17->29         started        51 mitmdetection.services.mozilla.com 18.66.161.4, 443, 49735 MIT-GATEWAYSUS United States 19->51 53 youtube.com 142.250.181.142, 443, 49718, 49719 GOOGLEUS United States 19->53 55 15 other IPs or domains 19->55 41 C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+ 19->41 dropped 43 C:\Users\user\...\gmpopenh264.dll (copy), PE32+ 19->43 dropped 31 firefox.exe 19->31         started        33 firefox.exe 19->33         started        35 firefox.exe 19->35         started        37 conhost.exe 23->37         started        39 conhost.exe 23->39         started        file8 process9

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/ATRAPS.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)0%ReversingLabs
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://www.youtube.com$0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    example.org
    		93.184.215.14
    		truefalse
      		high
      prod.detectportal.prod.cloudops.mozgcp.net
      		34.107.221.82
      		truefalse
        		high
        services.addons.mozilla.org
        		151.101.193.91
        		truefalse
          		high
          prod-classifyclient.normandy.prod.cloudops.mozgcp.net
          		34.98.75.36
          		truefalse
            		high
            mitmdetection.services.mozilla.com
            		18.66.161.4
            		truefalse
              		high
              contile.services.mozilla.com
              		34.117.188.166
              		truefalse
                		high
                prod.content-signature-chains.prod.webservices.mozgcp.net
                		34.160.144.191
                		truefalse
                  		high
                  us-west1.prod.sumo.prod.webservices.mozgcp.net
                  		34.149.128.2
                  		truefalse
                    		high
                    ipv4only.arpa
                    		192.0.0.170
                    		truefalse
                      		high
                      prod.ads.prod.webservices.mozgcp.net
                      		34.117.188.166
                      		truefalse
                        		high
                        push.services.mozilla.com
                        		34.107.243.93
                        		truefalse
                          		high
                          www.google.com
                          		216.58.208.228
                          		truefalse
                            		high
                            normandy-cdn.services.mozilla.com
                            		35.201.103.21
                            		truefalse
                              		high
                              star-mini.c10r.facebook.com
                              		157.240.195.35
                              		truefalse
                                		high
                                prod.classify-client.prod.webservices.mozgcp.net
                                		35.190.72.216
                                		truefalse
                                  		high
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  		35.244.181.201
                                  		truefalse
                                    		high
                                    twitter.com
                                    		104.244.42.193
                                    		truefalse
                                      		high
                                      dyna.wikimedia.org
                                      		185.15.58.224
                                      		truefalse
                                        		high
                                        prod.remote-settings.prod.webservices.mozgcp.net
                                        		34.149.100.209
                                        		truefalse
                                          		high
                                          pki-goog.l.google.com
                                          		142.250.181.99
                                          		truefalse
                                            		high
                                            youtube.com
                                            		142.250.181.142
                                            		truefalse
                                              		high
                                              youtube-ui.l.google.com
                                              		172.217.21.46
                                              		truefalse
                                                		high
                                                attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                                		34.117.121.53
                                                		truefalse
                                                  		high
                                                  reddit.map.fastly.net
                                                  		151.101.129.140
                                                  		truefalse
                                                    		high
                                                    telemetry-incoming.r53-2.services.mozilla.com
                                                    		34.120.208.123
                                                    		truefalse
                                                      		high
                                                      www.reddit.com
                                                      		unknown
                                                      		unknownfalse
                                                        		high
                                                        spocs.getpocket.com
                                                        		unknown
                                                        		unknownfalse
                                                          		high
                                                          content-signature-2.cdn.mozilla.net
                                                          		unknown
                                                          		unknownfalse
                                                            		high
                                                            support.mozilla.org
                                                            		unknown
                                                            		unknownfalse
                                                              		high
                                                              firefox.settings.services.mozilla.com
                                                              		unknown
                                                              		unknownfalse
                                                                		high
                                                                www.youtube.com
                                                                		unknown
                                                                		unknownfalse
                                                                  		high
                                                                  www.facebook.com
                                                                  		unknown
                                                                  		unknownfalse
                                                                    		high
                                                                    detectportal.firefox.com
                                                                    		unknown
                                                                    		unknownfalse
                                                                      		high
                                                                      normandy.cdn.mozilla.net
                                                                      		unknown
                                                                      		unknownfalse
                                                                        		high
                                                                        o.pki.goog
                                                                        		unknown
                                                                        		unknownfalse
                                                                          		high
                                                                          classify-client.services.mozilla.com
                                                                          		unknown
                                                                          		unknownfalse
                                                                            		high
                                                                            shavar.services.mozilla.com
                                                                            		unknown
                                                                            		unknownfalse
                                                                              		high
                                                                              www.wikipedia.org
                                                                              		unknown
                                                                              		unknownfalse
                                                                                		high
                                                                                firefox-settings-attachments.cdn.mozilla.net
                                                                                		unknown
                                                                                		unknownfalse
                                                                                  		high

                                                                                  Contacted URLs

                                                                                  NameMaliciousAntivirus DetectionReputation
                                                                                  https://firefox.settings.services.mozilla.com/v1/false
                                                                                    		high
                                                                                    https://spocs.getpocket.com/spocsfalse
                                                                                      		high
                                                                                      https://firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/47758106-fb81-4eaa-86a8-f7f7d77cd192.binfalse
                                                                                        		high
                                                                                        https://content-signature-2.cdn.mozilla.net/chains/202402/normandy.content-signature.mozilla.org-2025-01-01-20-48-28.chain?cachebust=2017-06-13-21-06false
                                                                                          		high
                                                                                          https://www.google.com/favicon.icofalse
                                                                                            		high

                                                                                            URLs from Memory and Binaries

                                                                                            NameSourceMaliciousAntivirus DetectionReputation
                                                                                            https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lfirefox.exe, 00000014.00000002.2554088472.000001AEF4AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://detectportal.firefox.com/firefox.exe, 0000000F.00000003.1494750822.00000240B5E2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://datastudio.google.com/embed/reporting/firefox.exe, 0000000F.00000003.1518400844.00000240A8487000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515904075.00000240B3065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498425125.00000240B3065000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecyclfirefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1386433510.00000240B2066000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000014.00000002.2554088472.000001AEF4A8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.leboncoin.fr/firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://www.youtube.complaces.sqlite-wal.15.dr, places.sqlite.15.drfalse
                                                                                                                		high
                                                                                                                https://shavar.services.mozilla.comfirefox.exe, 0000000F.00000003.1496549820.00000240B3ABC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://completion.amazon.com/search/complete?q=firefox.exe, 0000000F.00000003.1504167221.00000240AC1F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355949531.00000240A847F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://ads.stickyadstv.com/firefox-etpfirefox.exe, 0000000F.00000003.1404478716.00000240AAF75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://monitor.firefox.com/breach-details/firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000F.00000003.1504167221.00000240AC1E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1408047835.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1407858523.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1462615032.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355949531.00000240A847F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1489460010.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1410521650.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1409656044.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1429737693.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1408373914.00000240AB248000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.msn.comfirefox.exe, 0000000F.00000003.1401091526.00000240AAC87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://mitmdetection.services.mozilla.comfirefox.exe, 0000000F.00000003.1499131196.00000240B2EF6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://mozilla.org/0firefox.exe, 0000000F.00000003.1510564518.000016091B303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510465127.000006598B703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000F.00000003.1355305596.00000240A8421000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355509452.00000240A8440000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355742757.00000240A8460000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1355092175.00000240A9800000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 0000000F.00000003.1403060073.00000240B2396000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://youtube.com/firefox.exe, 0000000F.00000003.1400745281.00000240AC3B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1498054286.00000240B372A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515485511.00000240B372A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLKplaces.sqlite.15.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://api.accounts.firefox.com/v1firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://i.pki.goog/r1.crt0cert9.db.15.dr, cert9.db-journal.15.drfalse
                                                                                                                                                            		high
                                                                                                                                                            https://www.amazon.com/firefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2firefox.exe, 0000000F.00000003.1496800215.00000240B3A18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://www.youtube.com$places.sqlite-wal.15.dr, places.sqlite.15.drfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://ocsp.rootca1.amazontrust.com0:cert9.db.15.dr, cert9.db-journal.15.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://www.youtube.com/firefox.exe, 00000014.00000002.2554088472.000001AEF4A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000F.00000003.1430875396.00000240AB20E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1427391384.00000240AB20D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://www.bbc.co.uk/firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000014.00000002.2554088472.000001AEF4AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://127.0.0.1:firefox.exe, 0000000F.00000003.1500332307.00000240B1DF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000F.00000003.1421347309.00000240AA087000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000F.00000003.1405147737.00000240AAED5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://bugzilla.mofirefox.exe, 0000000F.00000003.1498425125.00000240B30FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://mitmdetection.services.mozilla.com/firefox.exe, 0000000F.00000003.1499131196.00000240B2EF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://amazon.comfirefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000F.00000003.1404478716.00000240AAF75000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://shavar.services.mozilla.com/firefox.exe, 0000000F.00000003.1514651877.00000240B3AD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfirefox.exe, 00000011.00000002.2554832939.00000282CF5CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A1673E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2559097294.000001AEF4C03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.15.drfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://spocs.getpocket.com/firefox.exe, 0000000F.00000003.1494750822.00000240B5E24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.2554679498.000001A167312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.2554088472.000001AEF4A13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://www.iqiyi.com/firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://youtube.com/account?=ht#7firefox.exe, 00000014.00000002.2553512208.000001AEF48F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://crl.pki.goog/gsr1/gsr1.crl0;firefox.exe, 0000000F.00000003.1515485511.00000240B3750000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://www.amazon.com/Zfirefox.exe, 0000000F.00000003.1510366409.00003CE154003000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://addons.mozilla.org/firefox.exe, 0000000F.00000003.1496257401.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://monitor.firefox.com/user/dashboardfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://monitor.firefox.com/aboutfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      http://mozilla.org/MPL/2.0/.firefox.exe, 0000000F.00000003.1477488437.00000240B2026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1477488437.00000240B2021000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1488589374.00000240AA0B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1491277831.00000240AA0C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1396120809.00000240AD05E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1362041530.00000240AA0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1405147737.00000240AAED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421347309.00000240AA0CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1361812012.00000240AA0FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1503292540.00000240AD05F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1514651877.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1513052522.00000240AB16E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1488589374.00000240AA0F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1516185500.00000240B2EF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1401091526.00000240AACEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1415694753.00000240AADE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1406870729.00000240AAED0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1396120809.00000240AD033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1461116008.00000240AA0B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1480154895.00000240AAEA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1487815908.00000240AADC3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        https://account.bellmedia.cfirefox.exe, 0000000F.00000003.1401091526.00000240AAC87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          http://youtube.com/firefox.exe, 0000000F.00000003.1502567120.00000240AD5A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                            https://login.microsoftonline.comfirefox.exe, 0000000F.00000003.1401091526.00000240AAC87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                              https://coverage.mozilla.orgfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                https://www.zhihu.com/firefox.exe, 0000000F.00000003.1502567120.00000240AD599000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                                  http://x1.c.lencr.org/0firefox.exe, 0000000F.00000003.1501027801.00000240B1B8C000.00000004.00000800.00020000.00000000.sdmp, cert9.db.15.dr, cert9.db-journal.15.drfalse
                                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                                    http://x1.i.lencr.org/0firefox.exe, 0000000F.00000003.1501027801.00000240B1B8C000.00000004.00000800.00020000.00000000.sdmp, cert9.db.15.dr, cert9.db-journal.15.drfalse
                                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                                      https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000F.00000003.1477488437.00000240B2064000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                                        http://c.pki.goog/r/r1.crl0cert9.db.15.dr, cert9.db-journal.15.drfalse
                                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                                          https://blocked.cdn.mozilla.net/firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                                            https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000000F.00000003.1499333541.00000240B21A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1390510500.00000240B21A7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                                              https://duckduckgo.com/?t=ffab&q=firefox.exe, 0000000F.00000003.1494750822.00000240B5E2F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                                https://profiler.firefox.comfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                                                  https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1430258613.00000240AB21C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                                                      https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000F.00000003.1430875396.00000240AB20E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1421347309.00000240AA087000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1427391384.00000240AB20D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1426692135.00000240AB215000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                                                          https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000F.00000003.1458869789.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358453774.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1357777327.00000240A7433000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1358266515.00000240A7422000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                                                                            https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/firefox.exe, 0000000F.00000003.1498425125.00000240B3089000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1515739082.00000240B3089000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                                                                              https://contile.services.mozilla.com/v1/tilesfirefox.exe, 0000000F.00000003.1391530065.00000240B1EE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                                                                https://www.amazon.co.uk/firefox.exe, 0000000F.00000003.1390744962.00000240B2199000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1499549320.00000240B2195000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                                                                  https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 0000000F.00000003.1496041774.00000240B5B97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000F.00000003.1495126435.00000240B5DED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                                                                    https://monitor.firefox.com/user/preferencesfirefox.exe, 00000011.00000002.2554114541.00000282CF400000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.2553543615.000001A167270000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.2553290081.000001AEF4870000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                                                                      https://screenshots.firefox.com/firefox.exe, 0000000F.00000003.1496257401.00000240B3AE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                        		high

                                                                                                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                                                        34.117.121.53
                                                                                                                                                                                                                                                                                        		attachments.prod.remote-settings.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                                        		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                                                                                        142.250.181.142
                                                                                                                                                                                                                                                                                        		youtube.comUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        34.149.100.209
                                                                                                                                                                                                                                                                                        		prod.remote-settings.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                                        		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                                        34.107.243.93
                                                                                                                                                                                                                                                                                        		push.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        34.107.221.82
                                                                                                                                                                                                                                                                                        		prod.detectportal.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        35.244.181.201
                                                                                                                                                                                                                                                                                        		prod.balrog.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        34.117.188.166
                                                                                                                                                                                                                                                                                        		contile.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                                        		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                                                                                        216.58.208.228
                                                                                                                                                                                                                                                                                        		www.google.comUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        34.98.75.36
                                                                                                                                                                                                                                                                                        		prod-classifyclient.normandy.prod.cloudops.mozgcp.netUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        18.66.161.4
                                                                                                                                                                                                                                                                                        		mitmdetection.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                                        		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                                                                        35.201.103.21
                                                                                                                                                                                                                                                                                        		normandy-cdn.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        151.101.193.91
                                                                                                                                                                                                                                                                                        		services.addons.mozilla.orgUnited States
                                                                                                                                                                                                                                                                                        		54113FASTLYUSfalse
                                                                                                                                                                                                                                                                                        172.217.21.46
                                                                                                                                                                                                                                                                                        		youtube-ui.l.google.comUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        35.190.72.216
                                                                                                                                                                                                                                                                                        		prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                        34.160.144.191
                                                                                                                                                                                                                                                                                        		prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                                        		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                                        34.120.208.123
                                                                                                                                                                                                                                                                                        		telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                                        		15169GOOGLEUSfalse

                                                                                                                                                                                                                                                                                        Private

                                                                                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                                                                                        127.0.0.1

                                                                                                                                                                                                                                                                                        General Information

                                                                                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                                                        Analysis ID:1570666
                                                                                                                                                                                                                                                                                        Start date and time:2024-12-07 16:18:08 +01:00
                                                                                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                                        Overall analysis duration:0h 7m 10s
                                                                                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                                                        Number of analysed new started processes analysed:25
                                                                                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                                        Sample name:file.exe
                                                                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                                                                        Classification:mal72.troj.evad.winEXE@35/47@127/17
                                                                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                                                                        • Successful, ratio: 40%
                                                                                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                                                                                        • Successful, ratio: 96%
                                                                                                                                                                                                                                                                                        • Number of executed functions: 47
                                                                                                                                                                                                                                                                                        • Number of non-executed functions: 294
                                                                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                                                                        • Found application associated with file extension: .exe

                                                                                                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 44.224.97.208, 52.26.67.139, 44.228.225.150, 34.120.158.37, 173.194.222.84, 216.58.212.99, 172.217.21.35, 142.250.181.99, 142.250.201.35, 23.55.161.211, 23.55.161.185, 172.217.17.78, 142.250.200.238
                                                                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): download.mozilla.org, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, tracking-protection.prod.mozaws.net, fonts.gstatic.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, time.windows.com, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, redirector.gvt1.com, www.gstatic.com, location.services.mozilla.com, tracking-protection.cdn.mozilla.net
                                                                                                                                                                                                                                                                                        • Execution Graph export aborted for target firefox.exe, PID 7840 because there are no executed function
                                                                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                        • VT rate limit hit for: file.exe

                                                                                                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                                                                                                        10:19:21API Interceptor1x Sleep call for process: firefox.exe modified

                                                                                                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                                                                                                        IPs

                                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                        34.117.188.166file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                            34.117.121.53file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                      l2rP5bxDPg.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                            setup.exeGet hashmaliciousAmadey, Babadeda, RedLine, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                              setup.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                18.66.161.4file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                              https://bafkreifkijr4deqnzixvigwgbpmegtl7w7z65bwaf2xegf6wb5oejvy7je.ipfs.flk-ipfs.xyz/#mail@andrejsmanagement.com&c=E,1,7ZfSQ9vAYe7rvB9NwKAqcoBV6_2nCPL09QKb7jG3WYDaiZix9u1hiaulren8GlCVh8tr3ArY61yo0-gZFvLQqJ6pANsbQuIKnEW2EuUntXIIWBvyOuRTAdpQ&typo=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                  Fax-494885 Boswell Automotive Group.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                    34.149.100.209file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse

                                                                                                                                                                                                                                                                                                                                                                        Domains

                                                                                                                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                                        services.addons.mozilla.orgfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                        contile.services.mozilla.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        example.orgfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 93.184.215.14
                                                                                                                                                                                                                                                                                                                                                                        mitmdetection.services.mozilla.comfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 216.137.52.52
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.172.112.19
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.67
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.67
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.4
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.4
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.67
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.92
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.98
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.161.67

                                                                                                                                                                                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                                        GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                        MIT-GATEWAYSUSarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.96.78.179
                                                                                                                                                                                                                                                                                                                                                                        akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.103.8.220
                                                                                                                                                                                                                                                                                                                                                                        jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.66.149.255
                                                                                                                                                                                                                                                                                                                                                                        arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 19.147.190.251
                                                                                                                                                                                                                                                                                                                                                                        jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 19.236.86.235
                                                                                                                                                                                                                                                                                                                                                                        mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 19.197.117.0
                                                                                                                                                                                                                                                                                                                                                                        xobftuootu.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 19.172.68.149
                                                                                                                                                                                                                                                                                                                                                                        home.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 19.82.2.81
                                                                                                                                                                                                                                                                                                                                                                        home.mips.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 19.77.137.151
                                                                                                                                                                                                                                                                                                                                                                        home.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 18.92.85.251
                                                                                                                                                                                                                                                                                                                                                                        ATGS-MMD-ASUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 48.60.117.157
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 51.131.3.164
                                                                                                                                                                                                                                                                                                                                                                        akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 48.207.92.212
                                                                                                                                                                                                                                                                                                                                                                        jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 32.4.23.74

                                                                                                                                                                                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                                        fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                        • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123

                                                                                                                                                                                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                l2rP5bxDPg.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                      setup.exeGet hashmaliciousAmadey, Babadeda, RedLine, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                        RmwvP67C7X.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                          setup.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmpfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                                    l2rP5bxDPg.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                                                                          setup.exeGet hashmaliciousAmadey, Babadeda, RedLine, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                                            RmwvP67C7X.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                                                                              setup.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse

                                                                                                                                                                                                                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_a008c5f8-4887-4f8d-bd57-c7ef891bf135.json (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):7774
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.171428788795486
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:sMvMXOo7cbhbVbTbfbRbObtbyEl7nSJA6unSrDtTDd/S9l:sF7cNhnzFSJh1nSrDhDd/cl
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:5E016198866509B0F02824F07A0A35CA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:61A5D03DC629C280357EFB69D44F6A4CE958A2CA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:A6F1FB6737E022E72CC7CFB9538592B95030E004BFB1805F07CFF68251B3C0AC
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:E4376BE9AA74734F5EDAE15A27A2E170FFCD36CE4F4470F0989B3E9C0FA56ACF64F5751F4920E8C597471A54132FF35F13A3D0F183D3B298F31B6F366700661E
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"type":"uninstall","id":"a008c5f8-4887-4f8d-bd57-c7ef891bf135","creationDate":"2024-12-07T16:26:33.349Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_a008c5f8-4887-4f8d-bd57-c7ef891bf135.json.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):7774
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.171428788795486
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:sMvMXOo7cbhbVbTbfbRbObtbyEl7nSJA6unSrDtTDd/S9l:sF7cNhnzFSJh1nSrDhDd/cl
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:5E016198866509B0F02824F07A0A35CA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:61A5D03DC629C280357EFB69D44F6A4CE958A2CA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:A6F1FB6737E022E72CC7CFB9538592B95030E004BFB1805F07CFF68251B3C0AC
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:E4376BE9AA74734F5EDAE15A27A2E170FFCD36CE4F4470F0989B3E9C0FA56ACF64F5751F4920E8C597471A54132FF35F13A3D0F183D3B298F31B6F366700661E
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"type":"uninstall","id":"a008c5f8-4887-4f8d-bd57-c7ef891bf135","creationDate":"2024-12-07T16:26:33.349Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\active-update.xml (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (1216), with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.527810304857788
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:L4pKXAbXetstZOG/m4CHeiQBRvSRPEYn+/YA3oZgm7mJJA1KXbB746NMKzIb:16Ss0+i+1SRsYnWYAywJM6lW
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:EEAE2DD00786F7BA7A939A108177B3CC
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:0E0019F445002048D0666A4F0CFF1BD508A66732
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:3315771FF73FC2C76BDCBD883A7930AAA06873C6B305371DA927AE0D14976D14
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:1D025804C0229F083788D0E8751AFA41DCC08629BC2CEE00D529A0A7AE51E30C00CC13E9BC23CDCE240D4AC7F43372C19CCB3374C154B249E38DF7A33D7F4A15
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0"?><updates xmlns="http://www.mozilla.org/2005/app-update"><update xmlns="http://www.mozilla.org/2005/app-update" appVersion="127.0" buildID="20240606181944" channel="release" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" installDate="1733588769642" isCompleteUpdate="true" name="Firefox 127.0" previousAppVersion="118.0.1" promptWaitTime="691200" serviceURL="https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml" type="minor" actions="showURL" openURL="https://www.mozilla.org/firefox/127.0/whatsnew/?oldversion=%OLD_VERSION%&amp;utm_medium=firefox-desktop&amp;utm_source=update&amp;utm_campaign=127"><patch size="69776808" type="complete" URL="https://download.mozilla.org/?product=firefox-127.0-complete&amp;os=win64&amp;lang=en-US" selected="true" state="downloading" hashFunction="s

                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\active-update.xml.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (1216), with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.527810304857788
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:L4pKXAbXetstZOG/m4CHeiQBRvSRPEYn+/YA3oZgm7mJJA1KXbB746NMKzIb:16Ss0+i+1SRsYnWYAywJM6lW
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:EEAE2DD00786F7BA7A939A108177B3CC
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:0E0019F445002048D0666A4F0CFF1BD508A66732
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:3315771FF73FC2C76BDCBD883A7930AAA06873C6B305371DA927AE0D14976D14
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:1D025804C0229F083788D0E8751AFA41DCC08629BC2CEE00D529A0A7AE51E30C00CC13E9BC23CDCE240D4AC7F43372C19CCB3374C154B249E38DF7A33D7F4A15
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0"?><updates xmlns="http://www.mozilla.org/2005/app-update"><update xmlns="http://www.mozilla.org/2005/app-update" appVersion="127.0" buildID="20240606181944" channel="release" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" installDate="1733588769642" isCompleteUpdate="true" name="Firefox 127.0" previousAppVersion="118.0.1" promptWaitTime="691200" serviceURL="https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml" type="minor" actions="showURL" openURL="https://www.mozilla.org/firefox/127.0/whatsnew/?oldversion=%OLD_VERSION%&amp;utm_medium=firefox-desktop&amp;utm_source=update&amp;utm_campaign=127"><patch size="69776808" type="complete" URL="https://download.mozilla.org/?product=firefox-127.0-complete&amp;os=win64&amp;lang=en-US" selected="true" state="downloading" hashFunction="s

                                                                                                                                                                                                                                                                                                                                                                                                                C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\0\update.status

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):12
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.084962500721156
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:ZKRLs:ZH
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:21B14FA7F5DEED372D093DE77DB5C795
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:D017845A0C7C9900FB5D8ADBD3D78948CC686410
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:EC6C7C37BE67A0E4443C2A14B2BB45414FA992D0AEE701D18E8B30DD6F99731A
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:E043B349DEAE6AAA23372E00A09C6145C5682DAB37CB284D84C4CCBCE6AF01917BB42AA907581116C83EE255CC64115112067701344EEC2BA810AF8D70AFD99A
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:downloading.

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\activity-stream.discovery_stream.json (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1249
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.931611824278525
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:YXVmGJsYt6iv1+ivl+ijJXn4Mj4xUz4+Eibw4DKe4lextS:YXVRJsY4y8ys4JXn4Mj4xUz4+Eik4Dxw
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:FBFBCCAC16922C2A5BF53508B3733ED9
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:733D42C2CCDF52171A390A20DD1F071017EC54CB
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:2E8D8D0B7DD02237DBA7BC19B89118F17F9F92616063E4027BC4C29EBAE2BF25
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:9B0F23C134ACFDDA37ED16BA4AD6BF4E744B28BC68A55B4D9227797E5F50E253108E75DC2804759B3A2BFBC191B515863A09516F1C7BB2615115A61339565405
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"spocs":{"lastUpdated":1733588749503,"spocs":{"settings":{"feature_flags":{"collections":false,"spoc_v2":true},"spocsPerNewTabs":1,"domainAffinityParameterSets":{"default":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":1,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized-domains":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":10,"perfectFrequencyVisits":1,"recencyFactor":0.5}},"timeSegments":[{"id":"week-1","startTime":432000,"endTime":0,"weightPosition":1},{"id":"week-2","startTime":864000,"endTime":432000,"weightPosition":1},{"id":"week-3","startTime":1296000,"endTime":864000,"weightPosition":1},{"id":"week-4","startTime":17280

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\activity-stream.discovery_stream.json.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1249
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.931611824278525
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:YXVmGJsYt6iv1+ivl+ijJXn4Mj4xUz4+Eibw4DKe4lextS:YXVRJsY4y8ys4JXn4Mj4xUz4+Eik4Dxw
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:FBFBCCAC16922C2A5BF53508B3733ED9
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:733D42C2CCDF52171A390A20DD1F071017EC54CB
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:2E8D8D0B7DD02237DBA7BC19B89118F17F9F92616063E4027BC4C29EBAE2BF25
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:9B0F23C134ACFDDA37ED16BA4AD6BF4E744B28BC68A55B4D9227797E5F50E253108E75DC2804759B3A2BFBC191B515863A09516F1C7BB2615115A61339565405
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"spocs":{"lastUpdated":1733588749503,"spocs":{"settings":{"feature_flags":{"collections":false,"spoc_v2":true},"spocsPerNewTabs":1,"domainAffinityParameterSets":{"default":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":1,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized-domains":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":10,"perfectFrequencyVisits":1,"recencyFactor":0.5}},"timeSegments":[{"id":"week-1","startTime":432000,"endTime":0,"weightPosition":1},{"id":"week-2","startTime":864000,"endTime":432000,"weightPosition":1},{"id":"week-3","startTime":1296000,"endTime":864000,"weightPosition":1},{"id":"week-4","startTime":17280

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):15829
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.8063055926523655
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:63/CCBmqCIKJumwOGmnOq6b4b9C4GoTlbo2ofF9/cFnSPhxtj3tCiwwau13151iS:OuPngEG1xNUIzFnieWrc
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:96C542DEC016D9EC1ECC4DDDFCBAAC66
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:6199F7648BB744EFA58ACF7B96FEE85D938389E4
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:7F32769D6BB4E875F58CEB9E2FBFDC9BD6B82397ECA7A4C5230B0786E68F1798
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:CDA2F159C3565BC636E0523C893B293109DE2717142871B1EC78F335C12BAD96FC3F62BCF56A1A88ABDEED2AC3F3E5E9A008B45E24D713E13C23103ACC15E658
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):15829
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.8063055926523655
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:63/CCBmqCIKJumwOGmnOq6b4b9C4GoTlbo2ofF9/cFnSPhxtj3tCiwwau13151iS:OuPngEG1xNUIzFnieWrc
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:96C542DEC016D9EC1ECC4DDDFCBAAC66
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:6199F7648BB744EFA58ACF7B96FEE85D938389E4
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:7F32769D6BB4E875F58CEB9E2FBFDC9BD6B82397ECA7A4C5230B0786E68F1798
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:CDA2F159C3565BC636E0523C893B293109DE2717142871B1EC78F335C12BAD96FC3F62BCF56A1A88ABDEED2AC3F3E5E9A008B45E24D713E13C23103ACC15E658
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:# This Source Code Form is subject to the terms of the Mozilla Public.# License, v. 2.0. If a copy of the MPL was not distributed with this.# file, You can obtain one at http://mozilla.org/MPL/2.0/...## These messages are used as headings in the recommendation doorhanger..cfr-doorhanger-extension-heading = Recommended Extension.cfr-doorhanger-feature-heading = Recommended Feature..##..cfr-doorhanger-extension-sumo-link =. .tooltiptext = Why am I seeing this..cfr-doorhanger-extension-cancel-button = Not Now. .accesskey = N..cfr-doorhanger-extension-ok-button = Add Now. .accesskey = A..cfr-doorhanger-extension-manage-settings-button = Manage Recommendation Settings. .accesskey = M..cfr-doorhanger-extension-never-show-recommendation = Don.t Show Me This Recommendation. .accesskey = S..cfr-doorhanger-extension-learn-more-link = Learn more..# This string is used on a new line below the add-on name.# Variables:.# $name (String) - Add-on author name.cfr-doorhanger-extension-author =

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpaddon

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):491284
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.997725234203649
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:u8fhrUPE5+8TK1g9M6y5JJtuiA50eHgB2rAnavTQu:fZrUPE5I1g9M6yyZ0AgYra4Z
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:09372174E83DBBF696EE732FD2E875BB
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:BA360186BA650A769F9303F48B7200FB5EACCEE1
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:C32EFAC42FAF4B9878FB8917C5E71D89FF40DE580C4F52F62E11C6CFAB55167F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:B667086ED49579592D435DF2B486FE30BA1B62DDD169F19E700CD079239747DD3E20058C285FA9C10A533E34F22B5198ED9B1F92AE560A3067F3E3FEACC724F1
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:PK...........V...,.}..........gmpopenh264.dll..|.U.8.I.....`....&l.Vpm.5Sf.N.(.."..YXY.%....V:;.......>....u.-...U....(.E.?*.ES.R..?...{'i...]}.}>._?Mr.....s.3s'....Ng.O0..m..?...z..4~{...w...H.\3{....U?*Y..K..+W.-K......,_i.g.k....NJLL.j0F..y..[?}1..........'.G^.#..^.C..{1.~..>.i..=............>}i.......h..h..t..O..^>w..PY.n.e.>...%Q.3....&H.d9....tqZ..pg3....G@u!.........[.4h....E.w.Y...~_1.^.#!f.+,.au......,._..:&...{N..1..~p..~?..DJ..T.".,.vR....u..P........8D;.,.BOp..........D..'...q*..l...;..6$.........9&.<.bU....dExynP..KK.........7~M.X....?.-Q..*.....zs......>..\...bv...y...s..+zN.Kr.(. .Ee.QRco.8..8.~..o..D.OT.5......O.gC.F.3..E......('..>......2Eu.5]l.t}.`...:j.....IW.u...J.....H.m.R.Tz.....O...*..Q...9..j.c.Uc...U8gD..q.^.3..|..Q.g[..Q6Q.q.....GBg..F[.\...D.C.?:1.}.../.t ..`.....}..........@...8c.G.....o. .......TyK.....sS.S..a.a..LR.0.k,.</;"...L.!WDp.M....8r..S..kq..o.0.m.-..,Z.[...>.G....P~.|.7TR...Ug.7.j......8Q>-.u..

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4514
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.940389822659655
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLly58P:8S+Oc+UAOdwiOdKeQjDL458P
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:96A57C09339D3CBE9E0572ACF3D92FE3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:465746034297715F6ADE4CDEA29F4A98F3288569
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:1FB45E00A56378C67E351B4A3CB875A2460015B740A5D7CE4BCB53C948B7AECE
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:F81ADF48DE0871F7701145733DACBFD0594269E47AD3707A686283BC2B64F6395C6E97838A9C30BDB652200FA5D0076CF40FF4D34B0AA58DDEEBD001A6878FD5
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\ExperimentStoreData.json.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4514
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.940389822659655
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLly58P:8S+Oc+UAOdwiOdKeQjDL458P
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:96A57C09339D3CBE9E0572ACF3D92FE3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:465746034297715F6ADE4CDEA29F4A98F3288569
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:1FB45E00A56378C67E351B4A3CB875A2460015B740A5D7CE4BCB53C948B7AECE
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:F81ADF48DE0871F7701145733DACBFD0594269E47AD3707A686283BC2B64F6395C6E97838A9C30BDB652200FA5D0076CF40FF4D34B0AA58DDEEBD001A6878FD5
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5318
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.62067557672702
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:A0DD0256A122A64D1C1A98C36F89F368
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addonStartup.json.lz4.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5318
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.62067557672702
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:A0DD0256A122A64D1C1A98C36F89F368
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.json.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"schema":6,"addons":[]}

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):229376
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.8133164830618148
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:Sb1zkVmvQhyn+Zoz67M3gQ7NlXMM6333Jp/LKXKN8ENBtl:SbuQ7zMMaCo
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:52637634ADF9F9C53488AAD284943524
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:6DA4189AA82674296417CD72DDE81A2C6C3AA22D
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:50059697BCDEB365C5CD81985CC77A57CC7D8B22F1D2BF03C0A091C7DD48FFFB
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:7980914553C1D94D13A3DB014057D353D59FC0E26F4F54C4056BA5124A0ECDFF8268483F49CFF64BEF9146826F31C89050D7A9D1DA9BF98D1A98DA51164D4289
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db-journal

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):229944
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.7297803843811943
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:7rtZNrgQ7NlXMM6333Jp/LKXKN8OX1zkVmvQhyn+Zoz67Q:uQ7zMMaCoF
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:E41FAB53FEA4B5014C3C8FB26BFEE966
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:FF0028E942E426EDF627CA5D0A3D9DB944640E88
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:899E2E52461EC9D2EA0A245667FBE3012E479837FB02EBFE8F365281241A65A1
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:D62A6B11C87F9DFC54626A6615B3C7ED1DC84D419A8286AFC93BD9594821B4A9F084696A2C6F14C22AC975EA5E1F125BB16CDCBD5AB27C4A329D337113890301
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:.... .c.....{..s..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R..R...........k..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\content-prefs.sqlite

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):262368
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.07756089849848415
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:pAkxR7AkZbvf8F7AkYGU/vCUU8F7Ak+FGU/vG:bENU3B
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:3D2F4AF78CD6F084E0C53A9A93508D18
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:D68C61E4B066652E31D3892413D585AD7321A9F0
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:B2975262FBDD4D09951C3DCCFD81C14748F62C2243DC12A9A5CDFF99976D18B5
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:48BE280759704686ECC52FFE89B78D0FC00DC516163A89AD6B0D4B2733488F743C1D047F123C0D9AAC297321515425188F57E9CA7F41EE4B8CC3F35E8C9805A7
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:7....-............A...H....V.Q7..........A...H..bi.f..5................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\store.json.mozlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\store.json.mozlz4.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.186376962556299
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:C2A8F76D683C9F86054CA7775732A180
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\extensions.json.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.186376962556299
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:C2A8F76D683C9F86054CA7775732A180
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.03495363197389347
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:GtlvVzdFBrlow9lvVzdFBrlowCxR9//wllmlfl:Gt5rlj5rl4r9XT
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:EBB0BF5ED596F2D6378660BA49595BBA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:5BEE84997CC88D763605B6A8733B10E129D7BF61
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:0D0040AF043234C6E7E07C416E4CEA6455C0E598ADC5DE58D7A9A88D01A8398E
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:95FE6E06DDF1E9BD1D74A5B3416B93CE2B905047628D509BD8E8D5CC09EAAFA67C83B4172F51627CAFF74C1EB9C2C8EB1260D52E4E1D1812B9F7DC4FF9E56BAE
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:..-..............................T."S.3..$..i.....-..............................T."S.3..$..i...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\favicons.sqlite-wal

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):65616
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.7525923055139643
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:+RCli7Lu2+PFTU+Lu2+PFTUnLu2+PFTUy:+gli7Zz+ZznZzy
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:69722F8B720632409B0134F8BB762020
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:6FA09DA1AC5CF218B0FC687E36BE591245FD70F2
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:12D3BEF3CE98DDE64B36944E4E953163856B79B5F39663117CBB4C66CE1C50A3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:65CF7CFCA4563FF52E3E3D371223C11CEDC2865B2BB4AF3415D7230F7080AD4E9E6B24552C298A67146E7D7AD44108BC7DDF80224FF699AC25756941FAE84FF0
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:7....-...........T."S.3...W..'...........T."S.3.,[S`.M.......Ze.x.o.m.kpc%`DZe..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1102240
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.6236318014412126
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:bif6DS+hWYEwTkhPcB64VjVEj3cYemypfYIC:bTDSNwToPcfjBmypf6
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:842039753BF41FA5E11B3A1383061A87
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:3E8FE1D7B3AD866B06DCA6C7EF1E3C50C406E153
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:D88DD3BFC4A558BB943F3CAA2E376DA3942E48A7948763BF9A38F707C2CD0C1C
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:D3320F7AC46327B7B974E74320C4D853E569061CB89CA849CD5D1706330ACA629ABEB4A16435C541900D839F46FF72DFDE04128C450F3E1EE63C025470C19157
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: l2rP5bxDPg.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: RmwvP67C7X.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V..V7.V7.V7.9S.C7.9S.[7.9S..7.9S.U7.V7.17.._._7.._.b7.._.H7.V7.87.?_.W7.?_.W7.RichV7.........PE..d.....Jd.........." .................C....................................................`.........................................P7..,...|8..(................I.......)..............T...................`...(...`................................................text.............................. ..`.rodata............................. ..`.rdata..F...........................@..@.data...p3...P.......2..............@....pdata...I.......J...N..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):1102240
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.6236318014412126
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:bif6DS+hWYEwTkhPcB64VjVEj3cYemypfYIC:bTDSNwToPcfjBmypf6
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:842039753BF41FA5E11B3A1383061A87
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:3E8FE1D7B3AD866B06DCA6C7EF1E3C50C406E153
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:D88DD3BFC4A558BB943F3CAA2E376DA3942E48A7948763BF9A38F707C2CD0C1C
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:D3320F7AC46327B7B974E74320C4D853E569061CB89CA849CD5D1706330ACA629ABEB4A16435C541900D839F46FF72DFDE04128C450F3E1EE63C025470C19157
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: l2rP5bxDPg.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: RmwvP67C7X.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V..V7.V7.V7.9S.C7.9S.[7.9S..7.9S.U7.V7.17.._._7.._.b7.._.H7.V7.87.?_.W7.?_.W7.RichV7.........PE..d.....Jd.........." .................C....................................................`.........................................P7..,...|8..(................I.......)..............T...................`...(...`................................................text.............................. ..`.rodata............................. ..`.rdata..F...........................@..@.data...p3...P.......2..............@....pdata...I.......J...N..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.920722044218877
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:C3OuN9RAM7VDXcEzq+r2Xl3vTMBv+FdBAIABv+FEn:0BDUm213vAWeWEn
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:2A461E9EB87FD1955CEA740A3444EE7A
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:B10755914C713F5A4677494DBE8A686ED458C3C5
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:4107F76BA1D9424555F4E8EA0ACEF69357DFFF89DFA5F0EC72AA4F2D489B17BC
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:34F73F7BF69D7674907F190F257516E3956F825E35A2F03D58201A5A630310B45DF393F2B39669F9369D1AC990505A4B6849A0D34E8C136E1402143B6CEDF2D3
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 2.3.2.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.920722044218877
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:C3OuN9RAM7VDXcEzq+r2Xl3vTMBv+FdBAIABv+FEn:0BDUm213vAWeWEn
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:2A461E9EB87FD1955CEA740A3444EE7A
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:B10755914C713F5A4677494DBE8A686ED458C3C5
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:4107F76BA1D9424555F4E8EA0ACEF69357DFFF89DFA5F0EC72AA4F2D489B17BC
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:34F73F7BF69D7674907F190F257516E3956F825E35A2F03D58201A5A630310B45DF393F2B39669F9369D1AC990505A4B6849A0D34E8C136E1402143B6CEDF2D3
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 2.3.2.APIs: encode-video[h264], decode-video[h264].

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\permissions.sqlite

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.09112605877978282
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:DBl/T0m+Wla0mwPxRymgObsCVR45wcYR4fmnsCVR4zi0+DguGBgX0Ei:DLT0mush7Owd4+wi0gABZEi
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:5ABA9AE16DF9221B62B95C9BA98D1DFB
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:FE551F62478B98DFE7B55D50F573FA86C1A2F41F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:25AA1434A6DF298726DBE4A5DBD4D5A81D5288B61E3C657710091289E990FAD9
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:9C394577542D8CC160C024DE56EF4FB41D583A7823DE35E2383A9DA25B3707BA1A94CF126DEBCBFF7C82A457E5B9654C84C5CF6970E47482CF38D962E94FCB66
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):5242880
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.04627956805258809
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:58r54w0VW3xWVhTGa7tsp2oP11Z0cSUL3LelXTi2:uqVW3oGJT
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:E6F670533E2E94DC406BBD551E6C564F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:94D582BDB92AC74D7BB4FE68C8F02A9D43F157EB
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:27F9F6ED4CBE33DF4D7236E8CDF2B7848D1F78C3100830A17852845153B00439
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:469038675433CD6B2535CCE59AE9C4133752835066D9770D0FD71C230DBC3F59E4A13FAB67DAD5485C264A82AA0D86F02CF12F6B14DD8879294B445228A00CC0
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.036776262093106554
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:GtlE9VbO9/jelWl3lE9VbO9/jelvT89//nltll:GLdYWdY789X
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:35AB8D891CC90AE5712A6DD105F88F96
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:67FBA2DC17AD88FA1FF763DD66E4494663E5945D
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:9E54C2B5816ACB92F66062C6BBDB0612958BE5654034FD53D6C00F35152E01A6
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:7A777C29ADC3E8A16E147FDBE14B5BEE8B92FF76B3A0FE8816D56448BDA10A5BB77C43228515DA04805D0CC1D3DC435B083734A9A7DD0016D488CE3D95EA4CF1
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:..-......................k../Uv.5q.b.ht.Z....].B..-......................k../Uv.5q.b.ht.Z....].B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):2361056
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.13908462019590392
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:ZhoGa7tsp2oXk5Ga7tsp2o7p2ozVH3luBsp2ok3Sa39Tyx7tsp2oV/TcSGn3iXTP:bjPRmTgU2BsmEVzC6
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:D7221577F48D6A94AEAD481111831AF3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:285ABF89DF9E89B74B761A703D5EE13277539B53
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:91F6F8135DDFF57E33F3AD042548A7D349F1138FC5917B55A199EB4560CC12C4
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:01F01B1DB789A45B9358C37AB589258DAA49914D7DB09D61B0C69594D27D4C694C65E11F766F48DFEA8A5EDEBBC7340AAE22AD60A9FB0CED6363748185991B80
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:7....-..........5q.b.ht.9.tH.x..........5q.b.ht.t.B~l........t....~.~.~c}I|.|o{.{;y~wst.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs-1.js

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):15868
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.429614396629618
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:lcnSRkyYbBp6tqUCaXwm+VO6NYE5RHNBw8dw0o/LUxSl:TeSqUEw2VPwI0
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:41DC9171F8306263D6401E333547F7DD
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:F8EBBB3E1B63B976911185991BCFEB093BB147FA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:B17319AAD6F6680A678FFBE149E723B0583D54AF7501A8581B80CA53ABF66F19
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:CF04BD3EE8B44FA5AFEA95984124A2856EE7B53F22130075863520423487267D98C640AF1BED35E20EECB2131B40447AE708C79587E765F923D7037AAF6ACBC6
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1733588763);..user_pref("app.update.lastUpdateTime.background-update-timer", 1733588763);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1733588763);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1733588763);..user_pref("app.update.lastUpdateTime.r

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):15868
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.429614396629618
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:192:lcnSRkyYbBp6tqUCaXwm+VO6NYE5RHNBw8dw0o/LUxSl:TeSqUEw2VPwI0
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:41DC9171F8306263D6401E333547F7DD
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:F8EBBB3E1B63B976911185991BCFEB093BB147FA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:B17319AAD6F6680A678FFBE149E723B0583D54AF7501A8581B80CA53ABF66F19
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:CF04BD3EE8B44FA5AFEA95984124A2856EE7B53F22130075863520423487267D98C640AF1BED35E20EECB2131B40447AE708C79587E765F923D7037AAF6ACBC6
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1733588763);..user_pref("app.update.lastUpdateTime.background-update-timer", 1733588763);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1733588763);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1733588763);..user_pref("app.update.lastUpdateTime.r

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\protections.sqlite

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionCheckpoints.json.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.baklz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 14612 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4889
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.654472074406773
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:vZAQ98fu8EMJF7VbMZk0zf8W8Qge3ZwS2Grkc0n0bbFSPH:v+uRgF5MZkcuemarbvbwf
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:8E94F9926E7D56EF87576B02A1022D38
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:1B5392C3772C6F3CA1FE20A3E2D60135B2E9EB6F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:3B413A51E4288FE007164A577D6566FB54E9141B6D3AF60F4E5D63F39EBED1BA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:600C7DCABC99D6E0A74DAA3A9855D5126D61DD9AD1D5B5930836E72A9A71AEBD4F35D8291BAE23BFFC9DE926F4E4821DE9DE277B9002DFC0FB922E43E6E0921A
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40..9....{"version":["ses....restore",1],"windows":[{"tab..bentrie...1url":"https://accounts.google.com/v3/signin/identifier?continue=:...%3A%2F%2Fwww.youtub<.2%2F;...%3Faction_handle_....Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dh. 25j..5l..5n..352F..P%253F...9..;..=..+.....C.S52Fv3......>..2Fchallenge....pwd%26feature%3Dredirect_login&hl=en&ifkv=AcMMx-cpJ04ug4EML0ugqxi6bI10BarTEeJPhjwXToGG0BQgA6LDyUEeAS_qVWZ4i_rLI8kqdIF-dw&passive=true&service=w...&uilel=3&flowName=GlifWebSignIn..rEntry=S9..L....dsh=S-402626248%3A1733584781465472&ddm=1","title":"YouTube","cacheKey":0,"ID":6,"docshellUUID":"{da5b7043-9a61-438c-858a-84715144f385}","originalURI............?{........../pwd","resultPrinciph..\...........loadReplace":......2...".`entTyp-..text/html","p|...ToInherit_base64":"{\"0\":...\"moz-null4...:{cd5814c6-248f-4c57-a112-226100cbf9f5}?0.......\"}}","hasUserInter......triggering'.....3...D.EdocI...":22,"persistL...}],"lastAccessed":W...8819297,"hidden":false,"searchMode":...,"userCon@

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 14612 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4889
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.654472074406773
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:vZAQ98fu8EMJF7VbMZk0zf8W8Qge3ZwS2Grkc0n0bbFSPH:v+uRgF5MZkcuemarbvbwf
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:8E94F9926E7D56EF87576B02A1022D38
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:1B5392C3772C6F3CA1FE20A3E2D60135B2E9EB6F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:3B413A51E4288FE007164A577D6566FB54E9141B6D3AF60F4E5D63F39EBED1BA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:600C7DCABC99D6E0A74DAA3A9855D5126D61DD9AD1D5B5930836E72A9A71AEBD4F35D8291BAE23BFFC9DE926F4E4821DE9DE277B9002DFC0FB922E43E6E0921A
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40..9....{"version":["ses....restore",1],"windows":[{"tab..bentrie...1url":"https://accounts.google.com/v3/signin/identifier?continue=:...%3A%2F%2Fwww.youtub<.2%2F;...%3Faction_handle_....Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dh. 25j..5l..5n..352F..P%253F...9..;..=..+.....C.S52Fv3......>..2Fchallenge....pwd%26feature%3Dredirect_login&hl=en&ifkv=AcMMx-cpJ04ug4EML0ugqxi6bI10BarTEeJPhjwXToGG0BQgA6LDyUEeAS_qVWZ4i_rLI8kqdIF-dw&passive=true&service=w...&uilel=3&flowName=GlifWebSignIn..rEntry=S9..L....dsh=S-402626248%3A1733584781465472&ddm=1","title":"YouTube","cacheKey":0,"ID":6,"docshellUUID":"{da5b7043-9a61-438c-858a-84715144f385}","originalURI............?{........../pwd","resultPrinciph..\...........loadReplace":......2...".`entTyp-..text/html","p|...ToInherit_base64":"{\"0\":...\"moz-null4...:{cd5814c6-248f-4c57-a112-226100cbf9f5}?0.......\"}}","hasUserInter......triggering'.....3...D.EdocI...":22,"persistL...}],"lastAccessed":W...8819297,"hidden":false,"searchMode":...,"userCon@

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\recovery.jsonlz4.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:Mozilla lz4 compressed data, originally 14612 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4889
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.654472074406773
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:96:vZAQ98fu8EMJF7VbMZk0zf8W8Qge3ZwS2Grkc0n0bbFSPH:v+uRgF5MZkcuemarbvbwf
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:8E94F9926E7D56EF87576B02A1022D38
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:1B5392C3772C6F3CA1FE20A3E2D60135B2E9EB6F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:3B413A51E4288FE007164A577D6566FB54E9141B6D3AF60F4E5D63F39EBED1BA
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:600C7DCABC99D6E0A74DAA3A9855D5126D61DD9AD1D5B5930836E72A9A71AEBD4F35D8291BAE23BFFC9DE926F4E4821DE9DE277B9002DFC0FB922E43E6E0921A
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:mozLz40..9....{"version":["ses....restore",1],"windows":[{"tab..bentrie...1url":"https://accounts.google.com/v3/signin/identifier?continue=:...%3A%2F%2Fwww.youtub<.2%2F;...%3Faction_handle_....Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dh. 25j..5l..5n..352F..P%253F...9..;..=..+.....C.S52Fv3......>..2Fchallenge....pwd%26feature%3Dredirect_login&hl=en&ifkv=AcMMx-cpJ04ug4EML0ugqxi6bI10BarTEeJPhjwXToGG0BQgA6LDyUEeAS_qVWZ4i_rLI8kqdIF-dw&passive=true&service=w...&uilel=3&flowName=GlifWebSignIn..rEntry=S9..L....dsh=S-402626248%3A1733584781465472&ddm=1","title":"YouTube","cacheKey":0,"ID":6,"docshellUUID":"{da5b7043-9a61-438c-858a-84715144f385}","originalURI............?{........../pwd","resultPrinciph..\...........loadReplace":......2...".`entTyp-..text/html","p|...ToInherit_base64":"{\"0\":...\"moz-null4...:{cd5814c6-248f-4c57-a112-226100cbf9f5}?0.......\"}}","hasUserInter......triggering'.....3...D.EdocI...":22,"persistL...}],"lastAccessed":W...8819297,"hidden":false,"searchMode":...,"userCon@

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage.sqlite

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\1

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):845025
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9984831705350565
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:zeNDTvPxKovG9W8KB9GrBbY8eye2IBj5DPXZAJs5rLRaSCAQ2FIC:zexb8ovpce2Ix5lAJHs1
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:3C0510E656BD1BFBA51E5CB1D01C583E
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:21DF7921538731421496BC2D90C21EFBE5C5A133
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:B367FA073E2F50D8119023190AEB4ED8050FD28CF823CCE070E240FBD7BA3E05
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:2AE50A395BCE993601742FED45D8BD333D97F66B2D9504D603FC32995417AA946E1CDC9BE2F9C1B8DC6A3A27770B501A756F98C6A6F6C7EA382AFA1A16AEA624
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:....T/....o......d.g.`U..........Ov.......E7R.....d.7o.Y./3...&..Bc...A....@...|.7...aa......,.."...ww.h..U)mE/R.H...........`.o........./.U.h.j."w.....B.@..E....@...?.2.7....~'.M..w. ......v..0Ci.P|...|;..B..V.......>A...Y3.Of............}H]qeD)e~E.#2~3..~..m.=.]...........L..D.g..2.....P.6U.?.I..zT.9~.;...o..?[y..T.&9M..).8.L.0b..].jo.-...>^..u......>....a...t["..&.R;..jV....8..:.]. 4+.t......V.Ej.t'.p........<.]f...f/b.).@.k...o..<.v....K.p_..$..xD...V...O1._J...F_.`'Ers.!..%7^.;..>*..Xl.J.vy..X.q..U.........`...*8+.V.. VA.:.sh.$~.:...J.d..9..f.r......~lP.Z%....C....8..D<K.A......R........$..v."...{.'.9.AZx?.>.Hxf...8<.j..|/d.^.bV6g.Q...kh5....3..W.A....[0....).0..R."..== .k.6mU<x.rK.&..#R|;.#..s..Y..9).(.R.r.,.+.....2...z..S..D........|.`PL..|.UY6}r*.....&{.....>6...DN.....0.......L...........(I5........lp.6p.......{.v.j...$.?..r.h..........K.n..RA/JF....YWa...V...O......\=.G0....p_.leW.7.......EO(M^.c./..X.....K..w..E..

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\targeting.snapshot.json (copy)

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.0370529910323185
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:YrSAYMJeUQZpExB1+anO8e6WCVhhOjVkWAYzzc8rYMsku7w86SLAVL7J5FtsfAct:yci+TEr5ZwoIhzzcHvbx6Kkdrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:D2C5402D0E29D68885BC0728098E2D64
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:CF436BA1D42DCD897F1D0D7ECCF85D39FE53380F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:783469C3A46D9509C233C94E9C7B5C6B44EF12C95ABC1FE8A72EEBA90AD59C6F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:5032EB30560A3263DE0422EB4F75263960465D7FC477A7575AA6088879D1D69631F5AA832E924D2660751C455C2CB9009610FA27014B7513CC957635B04B9782
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-07T16:25:49.835Z","profileAgeCreated":1696491685971,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\targeting.snapshot.json.tmp

                                                                                                                                                                                                                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                                Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.0370529910323185
                                                                                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:YrSAYMJeUQZpExB1+anO8e6WCVhhOjVkWAYzzc8rYMsku7w86SLAVL7J5FtsfAct:yci+TEr5ZwoIhzzcHvbx6Kkdrc2Rn27
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:D2C5402D0E29D68885BC0728098E2D64
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:CF436BA1D42DCD897F1D0D7ECCF85D39FE53380F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-256:783469C3A46D9509C233C94E9C7B5C6B44EF12C95ABC1FE8A72EEBA90AD59C6F
                                                                                                                                                                                                                                                                                                                                                                                                                SHA-512:5032EB30560A3263DE0422EB4F75263960465D7FC477A7575AA6088879D1D69631F5AA832E924D2660751C455C2CB9009610FA27014B7513CC957635B04B9782
                                                                                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                                Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-07T16:25:49.835Z","profileAgeCreated":1696491685971,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

                                                                                                                                                                                                                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.710361690034295
                                                                                                                                                                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                                                                File name:file.exe
                                                                                                                                                                                                                                                                                                                                                                                                                File size:973'824 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5:4316066b2799fa412066927b9445bd7b
                                                                                                                                                                                                                                                                                                                                                                                                                SHA1:e23dbc2ec82b159a02b109e51b477cd5420c6fbb
                                                                                                                                                                                                                                                                                                                                                                                                                SHA256:1ddc494a80d164d4a39965ac4fa82bb7c08c864146de236d1129b533f38a5ed4
                                                                                                                                                                                                                                                                                                                                                                                                                SHA512:f921c89d0b50421557ea688e7f15c9c8acb1410f30944ad198677dad203e89d72fef8a16581d4567d96e7046de40c1cde08ee080007a25428c3fc970fe256519
                                                                                                                                                                                                                                                                                                                                                                                                                SSDEEP:24576:eqDEvCTbMWu7rQYlBQcBiT6rprG8aRvyns+:eTvC/MTQYxsWR7aRd
                                                                                                                                                                                                                                                                                                                                                                                                                TLSH:6C25AE0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                                                                                File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....

                                                                                                                                                                                                                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                                                                                                                                                                                                                Icon Hash:aaf3e3e3938382a0

                                                                                                                                                                                                                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                                                                Time Stamp:0x675465E0 [Sat Dec 7 15:12:32 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                                                                Import Hash:948cc502fe9226992dce9417f952fce3

                                                                                                                                                                                                                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                                                                                                                                                                                call 00007F278CBC2953h
                                                                                                                                                                                                                                                                                                                                                                                                                jmp 00007F278CBC225Fh
                                                                                                                                                                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                                                                                                                                push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                                                                mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                                                                call 00007F278CBC243Dh
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                                                                mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                                                                pop esi
                                                                                                                                                                                                                                                                                                                                                                                                                pop ebp
                                                                                                                                                                                                                                                                                                                                                                                                                retn 0004h
                                                                                                                                                                                                                                                                                                                                                                                                                and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                                                                mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                                                                and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                                                                                                                                push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                                                                mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                                                                call 00007F278CBC240Ah
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                                                                mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                                                                pop esi
                                                                                                                                                                                                                                                                                                                                                                                                                pop ebp
                                                                                                                                                                                                                                                                                                                                                                                                                retn 0004h
                                                                                                                                                                                                                                                                                                                                                                                                                and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                                                                mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                                                                and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                                                                                                                                mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                                                                lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                                                                and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                                                                                and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                                                                                                                                                                mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                                                                add eax, 04h
                                                                                                                                                                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                                                                                                                                                                call 00007F278CBC4FFDh
                                                                                                                                                                                                                                                                                                                                                                                                                pop ecx
                                                                                                                                                                                                                                                                                                                                                                                                                pop ecx
                                                                                                                                                                                                                                                                                                                                                                                                                mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                                                                pop esi
                                                                                                                                                                                                                                                                                                                                                                                                                pop ebp
                                                                                                                                                                                                                                                                                                                                                                                                                retn 0004h
                                                                                                                                                                                                                                                                                                                                                                                                                lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                                                                                                                                                                call 00007F278CBC5048h
                                                                                                                                                                                                                                                                                                                                                                                                                pop ecx
                                                                                                                                                                                                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                                                                                                                                mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                                                                lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                                                                mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                                                                                                                                                                call 00007F278CBC5031h
                                                                                                                                                                                                                                                                                                                                                                                                                test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                                                                                pop ecx

                                                                                                                                                                                                                                                                                                                                                                                                                Rich Headers

                                                                                                                                                                                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                                                                                                                                                                                • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729

                                                                                                                                                                                                                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xc8e640x17c.rdata
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x17028.rsrc
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xec0000x7594.reloc
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0xb0ff00x1c.rdata
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0xc34000x18.rdata
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb10100x40.rdata
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x9c0000x894.rdata
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                                                                                                                                                                .text0x10000x9ab1d0x9ac000a1473f3064dcbc32ef93c5c8a90f3a6False0.565500681542811data6.668273581389308IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                                                                                                                                .rdata0x9c0000x2fb820x2fc00c9cf2468b60bf4f80f136ed54b3989fbFalse0.35289185209424084data5.691811547483722IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                                                                                                                                .data0xcc0000x706c0x480053b9025d545d65e23295e30afdbd16d9False0.04356553819444445DOS executable (block device driver @\273\)0.5846666986982398IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                                                                                                                                                .rsrc0xd40000x170280x172003d1baa4019637ac2ca494f95de60a68cFalse0.7106630067567568data7.215629708183657IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                                                                                                                                                .reloc0xec0000x75940x7600c68ee8931a32d45eb82dc450ee40efc3False0.7628111758474576data6.7972128181359786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd45f00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd47180x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd48400x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd49680x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd4c500x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd4d780xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd5c200x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd64c80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd6a300x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xd8fd80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                                                                                                                                                                                                                                                                                                                                                                                                                RT_ICON0xda0800x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                                                                                                                                                                                                                                                                                                                                                                                                                RT_MENU0xda4e80x50dataEnglishGreat Britain0.9
                                                                                                                                                                                                                                                                                                                                                                                                                RT_DIALOG0xda5380xfcdataEnglishGreat Britain0.6507936507936508
                                                                                                                                                                                                                                                                                                                                                                                                                RT_STRING0xda6340x594dataEnglishGreat Britain0.3333333333333333
                                                                                                                                                                                                                                                                                                                                                                                                                RT_STRING0xdabc80x68adataEnglishGreat Britain0.2735961768219833
                                                                                                                                                                                                                                                                                                                                                                                                                RT_STRING0xdb2540x490dataEnglishGreat Britain0.3715753424657534
                                                                                                                                                                                                                                                                                                                                                                                                                RT_STRING0xdb6e40x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                                                                                                                                                                                                                                                                                                                RT_STRING0xdbce00x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                                                                                                                                                                                                                                                                                                                RT_STRING0xdc33c0x466dataEnglishGreat Britain0.3605683836589698
                                                                                                                                                                                                                                                                                                                                                                                                                RT_STRING0xdc7a40x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishGreat Britain0.502906976744186
                                                                                                                                                                                                                                                                                                                                                                                                                RT_RCDATA0xdc8fc0xe1aadata1.0004500605850788
                                                                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_ICON0xeaaa80x76dataEnglishGreat Britain0.6610169491525424
                                                                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_ICON0xeab200x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_ICON0xeab340x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                                                                                                                                                                                                                RT_GROUP_ICON0xeab480x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                                                                RT_VERSION0xeab5c0xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                                                                                                                                                                                                                                                                                                                RT_MANIFEST0xeac380x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                                                                                                                                                                                                                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                                                                                                                                                                                                                WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                                                                                                                                                                VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                                                                                                                                WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                                                                                                                                COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                                                                                                                                                                MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                                                                                                                                                                WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                                                                                PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                                                                                IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                                                                                USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                                                                                UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                                                                                KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                                                                                                                                                                                                                                                                                                                                                                                USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                                                                                                                                                                                                                                                                                                                                                                                GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                                                                                                                                                                                                                                                                                                                                                                                                                COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                                                                                                                                                                                ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                                                                                                                                                                                                                                                                                                                                                                                SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                                                                                                                                                                                                                                                                                                                                                                                ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                                                                                                                                                                                                OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture

                                                                                                                                                                                                                                                                                                                                                                                                                Possible Origin

                                                                                                                                                                                                                                                                                                                                                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                                                                                                                                                EnglishGreat Britain

                                                                                                                                                                                                                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.636190891 CET49717443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.636233091 CET4434971735.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.643985033 CET49717443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.648896933 CET49717443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.648910046 CET4434971735.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.723742962 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.723773956 CET44349718142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724018097 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724064112 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724137068 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724595070 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724611998 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.726010084 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.726022959 CET44349718142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.727555037 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.727572918 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.927548885 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.931857109 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.932226896 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.197894096 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.671717882 CET49722443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.671765089 CET4434972234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.672525883 CET49723443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.672568083 CET4434972334.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.672878027 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.672915936 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.673672915 CET49722443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.673681021 CET49723443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.673846006 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.952442884 CET4434971735.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.952457905 CET4434971735.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.960882902 CET49717443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.171227932 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.225545883 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.269439936 CET49722443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.269462109 CET4434972234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.275394917 CET49723443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.275423050 CET4434972334.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.275559902 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.275593996 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.275670052 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.283938885 CET49717443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.283972025 CET4434971735.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.284056902 CET49717443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.284219980 CET4434971735.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.288093090 CET49717443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.858546972 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.901968956 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.902046919 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.902566910 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.903178930 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.903949976 CET44349718142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.904175997 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.904812098 CET44349718142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.905726910 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.908497095 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.908510923 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.908879995 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.908884048 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.908901930 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.911329031 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.911338091 CET44349718142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.911422014 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.911621094 CET44349718142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.911674023 CET49718443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001090050 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.004962921 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.006350040 CET4972980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.006562948 CET4973080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.014111042 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.014142036 CET4434973134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.014780998 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.015008926 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.015022993 CET4434973134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.047813892 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.119334936 CET44349719142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.119390011 CET49719443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.276654005 CET4973280192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.276968956 CET4973380192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.521584988 CET804972934.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.521692991 CET4972980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.521866083 CET4972980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.531447887 CET804973034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.531529903 CET4973080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.531699896 CET4973080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.795178890 CET804973234.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.795269012 CET4973280192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.795305967 CET804973334.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.795445919 CET4973380192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.887433052 CET804972934.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.916358948 CET804973034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.130640030 CET49735443192.168.2.718.66.161.4
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.130672932 CET4434973518.66.161.4192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.130805969 CET49735443192.168.2.718.66.161.4
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.132581949 CET49735443192.168.2.718.66.161.4
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.132603884 CET4434973518.66.161.4192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.382864952 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.387334108 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.391829014 CET4434972334.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.391936064 CET4434972234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.392781973 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.392924070 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.392927885 CET49723443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.403338909 CET4434972234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.407949924 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.407977104 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.408210993 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.412980080 CET49722443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.453356028 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.479654074 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.479964018 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.482630968 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.482640028 CET4434972435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.486428976 CET49723443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.486448050 CET4434972334.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.486514091 CET49723443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.486685991 CET4434972334.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.493527889 CET49723443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.496512890 CET49724443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.545591116 CET49722443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.545599937 CET4434972234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.545716047 CET49722443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.545866966 CET4434972234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.552104950 CET49722443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.850917101 CET804972934.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.886817932 CET804973034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.891343117 CET4972980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.892559052 CET4434973134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.892688036 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.895685911 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.895694017 CET4434973134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.895967007 CET4434973134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.898503065 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.898597002 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.898662090 CET4434973134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.898718119 CET49731443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.938209057 CET4973080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:23.984020948 CET4434973518.66.161.4192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:23.984095097 CET49735443192.168.2.718.66.161.4
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:23.988909960 CET49735443192.168.2.718.66.161.4
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:23.988920927 CET4434973518.66.161.4192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:23.988981962 CET49735443192.168.2.718.66.161.4
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:23.989043951 CET4434973518.66.161.4192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:23.989164114 CET49735443192.168.2.718.66.161.4
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.600197077 CET4973080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.600234032 CET4972980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.600255966 CET4973380192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.600270987 CET4973280192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.738539934 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.738580942 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.738640070 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.738774061 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.738787889 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.854268074 CET804973034.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.855293036 CET804972934.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.855348110 CET804973334.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.855365992 CET804973234.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.859481096 CET4973080192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.859498024 CET4972980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.859514952 CET4973380192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.859520912 CET4973280192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.278491974 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.278516054 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.279757023 CET4974580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.281264067 CET4974680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.281742096 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.283512115 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.283530951 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.307650089 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.307683945 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.309278011 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.310812950 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.310827971 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.535351038 CET4974880192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.535625935 CET4974980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.661732912 CET804974534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.661741972 CET804974634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.661808968 CET4974580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.661844969 CET4974680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.662084103 CET4974580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.662182093 CET4974680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.688105106 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.688134909 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.688226938 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.689883947 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.689897060 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.690258980 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.690267086 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.690404892 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.691898108 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.691905975 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.163290977 CET804974834.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.163296938 CET804974934.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.163387060 CET4974880192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.163583994 CET804974534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.163589001 CET804974634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.163613081 CET4974980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.519705057 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.519773960 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.523174047 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.523184061 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.523442984 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.532444954 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.579334974 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.973562956 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.973601103 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.973903894 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.975361109 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.975377083 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.129400969 CET804974634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.133497953 CET804974534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.141700983 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.141774893 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.144340992 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.144349098 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.144412041 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.144793034 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.144808054 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.179650068 CET4974580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.179663897 CET4974680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.195332050 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.844075918 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.844264030 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.844935894 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.846636057 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.846642971 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.846699953 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.846796036 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.846867085 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.849273920 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.849277973 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.849340916 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.849426985 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.849447966 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.887331963 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.900316954 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.900324106 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.900351048 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.900356054 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.953756094 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.953871965 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.046866894 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.047180891 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.047238111 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.047482014 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.047501087 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.047511101 CET49743443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.047517061 CET4434974335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.171943903 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.172034979 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.172727108 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.172786951 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.175064087 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.175076008 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.175168037 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.175242901 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.216862917 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.216876030 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.270303011 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.461687088 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.461759090 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.464587927 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.464828968 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.464849949 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.464864016 CET49744443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.464870930 CET4434974434.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.747209072 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.747272968 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.747456074 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.760097980 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.760257959 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.762411118 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.762419939 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.762495041 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.762558937 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.803086042 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.803111076 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.806757927 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.806847095 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.810184002 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.810549021 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.810561895 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.810571909 CET49751443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.810576916 CET4434975134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.856424093 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.346746922 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.346846104 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.346899033 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.347131014 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.347150087 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.347161055 CET49747443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.347167015 CET44349747142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.450592041 CET4974680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.450645924 CET4974580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.450653076 CET4974980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.450678110 CET4974880192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.509187937 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.509187937 CET49750443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.509207010 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.509218931 CET4434975034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.663827896 CET804974634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.663878918 CET804974934.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.663893938 CET804974534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.663898945 CET4974680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.663938046 CET804974834.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.663942099 CET4974980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.663952112 CET4974580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.664001942 CET4974880192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.859190941 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.859288931 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.860285997 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.514873981 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.514900923 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.514909029 CET49754443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.514914989 CET4434975434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.523463964 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.774589062 CET4976780192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.839365005 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.839446068 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.839606047 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.973680973 CET804976734.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.973754883 CET4976780192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.086453915 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.722558022 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.722608089 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.723221064 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.724745989 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.724764109 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.035115004 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.093079090 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.145497084 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.145529985 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.145840883 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.147448063 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.147463083 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.173733950 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.173794985 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.174273014 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.174489021 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.174506903 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.569773912 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.569812059 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.570585012 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.572256088 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.572266102 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.574361086 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.574397087 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.574460030 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.574577093 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.574599028 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.193742037 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.193824053 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.197071075 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.197082043 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.197163105 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.197352886 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.197382927 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.249743938 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.249761105 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.296619892 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.808785915 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.808852911 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.864510059 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.864535093 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.865108967 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.865616083 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.907325983 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.028620005 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.028693914 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.029232979 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.029289961 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.031558990 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.031563997 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.031632900 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.031737089 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.042393923 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.042465925 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.042814016 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.042879105 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.046304941 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.046314001 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.046458006 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.046471119 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.046514034 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.046535015 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.047372103 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.075342894 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.083304882 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.083328009 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.091322899 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.098916054 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.098927021 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.130187035 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.152340889 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.300390005 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.300463915 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.300844908 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.300879002 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.300887108 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.300894976 CET4434976834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.302700043 CET49768443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.305883884 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.305919886 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.306030989 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.307470083 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.307480097 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.577891111 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.577934980 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.578032017 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.579596043 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.579608917 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.898960114 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.899131060 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.899188995 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.899437904 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.899452925 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.899463892 CET49775443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.899468899 CET4434977534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.901284933 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.901403904 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.901752949 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.902023077 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.902029037 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.902036905 CET49773443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.902041912 CET4434977334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.225039005 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.227194071 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.227256060 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.227515936 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.227530003 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.227535963 CET49772443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.227541924 CET44349772172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.314656973 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.314698935 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.314755917 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.314790964 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.314826965 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.314961910 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.314973116 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.315148115 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.315256119 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.315265894 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.891743898 CET4976780192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.023646116 CET804976734.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.023941994 CET4976780192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.135665894 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.139957905 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.139976025 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.140054941 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.140161037 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.187333107 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.192367077 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.372622013 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.372697115 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.375289917 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.375303030 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.375392914 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.375443935 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.419337034 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.424185038 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.424194098 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.477581024 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.760519981 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.760642052 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.761337042 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.762862921 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.763700008 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.763708115 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.763971090 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.766408920 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.766419888 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.766674995 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.767101049 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.767151117 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.807334900 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.811330080 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.910427094 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.910449982 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.910602093 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.910643101 CET4434977434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.910787106 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.910801888 CET49774443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.934329033 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.934417009 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.934727907 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.934753895 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.934770107 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.934777021 CET4434978434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.934906006 CET49784443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.939963102 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.939984083 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.940078974 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.941700935 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.941710949 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.212414980 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.213053942 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.213113070 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.213789940 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.213813066 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.213824987 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.213830948 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.617372990 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.617446899 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.617604017 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.617633104 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.617822886 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.617889881 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.617899895 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.619132996 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.619718075 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.619757891 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.619786024 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.619796991 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.619811058 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.619827986 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.627185106 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.627238989 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.627263069 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.627490997 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.627552986 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.627557993 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.646353960 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.646450996 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.646470070 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.646610975 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.646682024 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.646687031 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.665591955 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.665972948 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.666487932 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.666515112 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.666560888 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.666575909 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.712333918 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.712398052 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.892188072 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.892474890 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896364927 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896461010 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896462917 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896506071 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896703005 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896719933 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896729946 CET49787443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896734953 CET4434978734.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896934986 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896959066 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896970034 CET49786443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.896977901 CET4434978634.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.934623957 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.934654951 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.934794903 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.934973001 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.934986115 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.395414114 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.396424055 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.396445990 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.396497011 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.396620989 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.439341068 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.445651054 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.496273994 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.496337891 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.496395111 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.496642113 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.496642113 CET49794443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.496648073 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.496655941 CET4434979434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.501612902 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.501655102 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.501872063 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.503496885 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.503514051 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.678642035 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.686985016 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.690540075 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.690567970 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.690870047 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.702944994 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.747328997 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.360348940 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.360537052 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.363156080 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.363341093 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.363341093 CET49797443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.363364935 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.363374949 CET4434979734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.371345043 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.371402025 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.371615887 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.371735096 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.371752024 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.983609915 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.984754086 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.984786034 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.984841108 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:41.984951973 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.027338028 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.033562899 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.055700064 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.254787922 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.670485973 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.670569897 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.670624971 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.670840979 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.670859098 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.670869112 CET49801443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.670875072 CET4434980134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.676330090 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.676369905 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.676443100 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.678014994 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.678026915 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.754686117 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.754745007 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.758862019 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.758873940 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.759151936 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.759573936 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.803335905 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.213537931 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.213630915 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.213767052 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.214015007 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.214015007 CET49806443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.214025021 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.214035034 CET4434980634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.221546888 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.221566916 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.221745968 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.221904039 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.221915960 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.959403038 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.960390091 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.960416079 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.960469961 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:43.960550070 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.001111984 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.003324032 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.665328026 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.665421963 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.665489912 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.665795088 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.665816069 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.665829897 CET49809443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.665836096 CET4434980934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.670941114 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.670985937 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.671116114 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.672620058 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.672636986 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.720280886 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.720352888 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.723565102 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.723572016 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.723793030 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.724427938 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:44.767338991 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.218918085 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.218983889 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.223490000 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.223633051 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.223653078 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.245111942 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.245158911 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.246248007 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.246256113 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.249048948 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.249264956 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.249264956 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.249288082 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.250740051 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.250751019 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415457010 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415502071 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415707111 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415716887 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415847063 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415869951 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415906906 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.415918112 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.416013956 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.416167974 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.416177034 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.416186094 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.416316986 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.416337967 CET4434981534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.417138100 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.417154074 CET49815443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.457617998 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.457652092 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.458446980 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.458595037 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.458611012 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.460304022 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.460354090 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.460465908 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.460566998 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.460577011 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.168267012 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.168301105 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.168370962 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.170231104 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.170244932 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.189351082 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.190335989 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.190356970 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.190402985 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.190520048 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.235323906 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.238034010 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.273454905 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.273489952 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.273575068 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.273682117 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.273695946 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.719351053 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.719393015 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.719490051 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.721215010 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.721229076 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.200711966 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.200789928 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.203039885 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.203115940 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.203413010 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.203469992 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.203994036 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.204005003 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.204256058 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.206914902 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.206926107 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.207151890 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.209197998 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.209486008 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.209830046 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.209835052 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.209933996 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.209990978 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.251339912 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.251354933 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.255338907 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.255830050 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.255837917 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.309243917 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.323182106 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.323256969 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.323957920 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.324883938 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.326044083 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.326056004 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.326349974 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.328634024 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.328640938 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.328871965 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.329097986 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.329561949 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.371328115 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.371337891 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.949323893 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.949407101 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.950608015 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.950956106 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.950956106 CET49820443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.950979948 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.950989008 CET4434982034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.956573963 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.956608057 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.956866980 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.959132910 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.959146976 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.958239079 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.960818052 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.964411974 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.964420080 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.964538097 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.964621067 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.007330894 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.013139963 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.013150930 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.073523045 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.291121960 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.291141033 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.291151047 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.291393042 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.291435003 CET4434982335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.292484045 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.292500019 CET49823443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.328691006 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.328799009 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.331882000 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.331888914 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.332351923 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.332875967 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.375339031 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.391067028 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.391114950 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.391295910 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.392992020 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.393001080 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.679150105 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.679198027 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.679620028 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.679644108 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.680494070 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.692503929 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.692527056 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.707324028 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.708513021 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.743362904 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.743560076 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.782979012 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.789010048 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.789083004 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.789350986 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.789635897 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.789657116 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.789668083 CET49824443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.789674044 CET4434982434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.804466009 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.804541111 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.809020042 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.809483051 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.809501886 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.809514046 CET49825443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.809519053 CET4434982534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.829119921 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.857783079 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.862344027 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.862483025 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.862543106 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.862689018 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.862704992 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.862736940 CET49821443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.862742901 CET4434982135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.907249928 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.907265902 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.960654974 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.261533022 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.548522949 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.548597097 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.551481009 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.551490068 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.551569939 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.551778078 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.551789999 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.593652010 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.186070919 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.187180042 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.187197924 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.187273026 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.187458992 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.231336117 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.247991085 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.264466047 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.295797110 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.295809031 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.341224909 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.341728926 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.341836929 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.341980934 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.342001915 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.342015982 CET49826443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.342020988 CET4434982635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.343202114 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.344043016 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.344053030 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.396020889 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.419512033 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.465109110 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.465121984 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.511217117 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.511225939 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.565356016 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.565366030 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.577862024 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.578027964 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.578128099 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.578346014 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.578346014 CET49827443192.168.2.7151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.578365088 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.578373909 CET44349827151.101.193.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.586934090 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.586994886 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.587060928 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.587203026 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.587219954 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.610131025 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.610198975 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.610209942 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.650031090 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.650042057 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.696891069 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.724363089 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.765961885 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.765971899 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.801129103 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.802721024 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.803452969 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.803452969 CET49822443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.803478003 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.803489923 CET4434982234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.814007044 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.814034939 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.817953110 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.818113089 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.818125010 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.858608007 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.227560997 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.228622913 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.228645086 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.228704929 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.228812933 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.275322914 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.283034086 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.019756079 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.052898884 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.052934885 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.053219080 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.054902077 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.054918051 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588027000 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588063002 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588172913 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588197947 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588342905 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588356018 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588634968 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588649988 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588819981 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.588830948 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.284889936 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.284940958 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.285034895 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.285067081 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.285346985 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.285375118 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.286537886 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.286546946 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.286583900 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.286853075 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.286868095 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.286995888 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.287029028 CET44349834216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.288587093 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.288604021 CET49834443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.880120039 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.880203962 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.882807970 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.883105993 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.883121014 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.883131981 CET49835443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.883136988 CET4434983534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.435357094 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.435448885 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.438425064 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.438437939 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.438678026 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.439146996 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.479337931 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.396615028 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.396756887 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.399801970 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.399813890 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.400049925 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.400553942 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.447336912 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:01.133552074 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:01.133677006 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:01.134200096 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:01.135596991 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:01.135596991 CET49836443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:01.135615110 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:01.135623932 CET4434983634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.970890045 CET49847443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.970937967 CET4434984734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.971287966 CET49847443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.972930908 CET49847443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.972961903 CET4434984734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.032289028 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.068114996 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.068140030 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.601504087 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.601505041 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.601521015 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.601521015 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.679164886 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.679271936 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.681585073 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.681596994 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.681670904 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.681750059 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.727323055 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.733048916 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.733061075 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.786448956 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.953326941 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.954500914 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.959325075 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.963324070 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.971503019 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.971537113 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.974456072 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.974467993 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.974843025 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.976914883 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.976927042 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.977256060 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.987356901 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.987375975 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.033889055 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.035320997 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.035320997 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.035403013 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.162848949 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.213888884 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.214018106 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.214874029 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.215181112 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.215202093 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.215213060 CET49837443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.215219021 CET4434983735.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.233527899 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.233584881 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.233833075 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.233967066 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.233983994 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.761991978 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.958323956 CET49847443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.966357946 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.966412067 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.977821112 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.979526043 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.979549885 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.991101027 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.999326944 CET4434984734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.072766066 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.072812080 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.073314905 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.073348999 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.073374033 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.074300051 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.074320078 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.074420929 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.182387114 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.240103960 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.325870991 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.327074051 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.327089071 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.327097893 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.327223063 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.327251911 CET4434983834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.327744961 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.327835083 CET49838443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.337738991 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.337785006 CET4434985034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.341015100 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.341353893 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.341373920 CET4434985034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.360645056 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.360733986 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.361290932 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.364386082 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.364386082 CET49839443192.168.2.734.98.75.36
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.364418983 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.364429951 CET4434983934.98.75.36192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.389708042 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.389760971 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.393452883 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.393767118 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.393783092 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.423238993 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.423295021 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.428767920 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.428971052 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.428996086 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.481879950 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.481952906 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.482352972 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.482633114 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.482652903 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.482661963 CET49841443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.482667923 CET4434984135.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.482690096 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.482800007 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.486625910 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.486900091 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.486917973 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.486926079 CET49842443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.486931086 CET4434984235.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.496364117 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.496397018 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.496509075 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.496731997 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.496742964 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.074173927 CET4434984734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.074305058 CET4434984734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.075913906 CET49847443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.075953007 CET49847443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.316140890 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.319056034 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.321911097 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.321926117 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.322350025 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.331578016 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.379323959 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.446994066 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.451523066 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.451560974 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.451612949 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.451683044 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.492235899 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.499330997 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.588345051 CET4434985034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.590436935 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.592986107 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.592997074 CET4434985034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.593229055 CET4434985034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.653742075 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.790021896 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.790467978 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.790568113 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.790659904 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.793549061 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.793557882 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.793865919 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.796102047 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.796111107 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.796386957 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.796559095 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.815521002 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.821993113 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822050095 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822312117 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822334051 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822563887 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822588921 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822861910 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822870016 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.822958946 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.823115110 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.823122025 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.823132992 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.823142052 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.823187113 CET4434984834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.826425076 CET49848443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.843331099 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.859332085 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.904844999 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.905042887 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.907577991 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.907584906 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.907833099 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.916244030 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:09.963344097 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.028367043 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.028445005 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.032593966 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.032882929 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.032907009 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.032919884 CET49849443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.032926083 CET4434984934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.040399075 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.040457010 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.040549994 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.042016029 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.042045116 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.328418970 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.328761101 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.328788996 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.329550028 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.330038071 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.330105066 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.339756012 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.339766026 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.339770079 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.340503931 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.340528965 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.340539932 CET49851443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.340552092 CET4434985134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.342528105 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.345259905 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.345268965 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.354087114 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.354139090 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.354419947 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.354545116 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.354563951 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.370558977 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.370635986 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.372134924 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.372148037 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.372313976 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.469654083 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.469708920 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.469770908 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.469799995 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.470283985 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.470304012 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.470824003 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.470833063 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.470944881 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.471107006 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.471252918 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.471267939 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.471277952 CET49853443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.471282005 CET4434985334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.473251104 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.473483086 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.477293968 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.477525949 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.477555037 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.477569103 CET49852443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.477576971 CET4434985234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.499944925 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.500001907 CET4434986134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.501147985 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.501560926 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.501578093 CET4434986134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.504466057 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.504518032 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.505522013 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.505637884 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.505656004 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.322874069 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.323982000 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.324012995 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.324096918 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.324186087 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.371328115 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.449395895 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.782741070 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.787328005 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.790524960 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.796207905 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.796231985 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.796576977 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.798862934 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:11.843333006 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.011028051 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.011054039 CET4434986134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.011246920 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.011432886 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.014215946 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.014224052 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.014522076 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.016643047 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.016652107 CET4434986134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.016870975 CET4434986134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.032916069 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.072948933 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.075330973 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.113641977 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.113717079 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.114029884 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.114063025 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.114080906 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.114089012 CET4434985934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.114198923 CET49859443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.119332075 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.119370937 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.123868942 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.125360012 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.125370979 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.410139084 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.410187006 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.410687923 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.410727978 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.411551952 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.412003040 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.412023067 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.412394047 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.421859026 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.445497036 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.445801973 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.445832968 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.469077110 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.474178076 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.474215031 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.520030022 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.531864882 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.582537889 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.582562923 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.607722044 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.608449936 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.608469009 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.610143900 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.612983942 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.612992048 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.614053965 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.614443064 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.614475965 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.614775896 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.614784956 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.615041018 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.616708994 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.616717100 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.617047071 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.621958017 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.631927967 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.632040977 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.632181883 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.632208109 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.632385015 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.632427931 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.632534027 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.632545948 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.642913103 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.653898954 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.654114962 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.654145002 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.665093899 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.665271044 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.665302038 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.675399065 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.675412893 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.676037073 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.676276922 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.676285982 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687032938 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687105894 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687165976 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687186956 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687199116 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687330008 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687547922 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687570095 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687580109 CET49860443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.687586069 CET4434986034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.716720104 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.722481966 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.722524881 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.722929955 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.724345922 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.724354982 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.801126003 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.804980040 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.809039116 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.816540956 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.816646099 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.817141056 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.817164898 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.823590994 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.824553967 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.832904100 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.833324909 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.833333015 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.840790987 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.840887070 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.840893984 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.848686934 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.848779917 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.848787069 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.856637001 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.856661081 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.856682062 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.856693983 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.856829882 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.864640951 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.872595072 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.873028994 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.873043060 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.880592108 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.881942987 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.881949902 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.896761894 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.896815062 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.896821976 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:12.948520899 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.011871099 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.015238047 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.015337944 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.015366077 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.023392916 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.023519039 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.023545027 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.031413078 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.033241034 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.033250093 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.039596081 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.043088913 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.043106079 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.047399044 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.047890902 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.047899008 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.062524080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.062828064 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.064471960 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.064507961 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.065330029 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.069607973 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.076786041 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.076944113 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.080080986 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.080096006 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.080482960 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.083956003 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.091187000 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.091263056 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.096693039 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.096704006 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.097839117 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.098537922 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.105894089 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.105948925 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.105959892 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.113847971 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.114696026 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.114707947 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.120364904 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.120506048 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.120515108 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.134346962 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.134565115 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.136981964 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.137008905 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.142419100 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.150228977 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.157212019 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.157248020 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.217518091 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.242249966 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.243501902 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.244726896 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.244736910 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.249475956 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.251595020 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.251604080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.255451918 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.256337881 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.256344080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.261038065 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.265487909 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.265495062 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.272124052 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.272214890 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.272222042 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.277614117 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.277724028 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.277818918 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.277826071 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.277960062 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.283160925 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.288260937 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.288849115 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.288857937 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.293560982 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.294835091 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.294846058 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.298793077 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.298989058 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.299000025 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.304291010 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.305114031 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.305123091 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.315860987 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.316785097 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.318371058 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.318378925 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.319489956 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.321696997 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.329451084 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.329476118 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.330498934 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.330528975 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.330588102 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.335072041 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.340821028 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.340991020 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.341000080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.347450972 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.348037958 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.348045111 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.388726950 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.389909983 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.389929056 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.389986038 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.390108109 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.399012089 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.399032116 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.435329914 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.439275026 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.459413052 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.470019102 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.471844912 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.471899986 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.471910000 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.481770992 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.482062101 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.486836910 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.486984015 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.490704060 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.495181084 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.495646000 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.499425888 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.499779940 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.499809027 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.503537893 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.503990889 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.504112005 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.504122972 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.504606962 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.504762888 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.504772902 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.513793945 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.513833046 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.513861895 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.518578053 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.520030975 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.520067930 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.523329020 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.523339987 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.523349047 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.523447990 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.528162956 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.534548998 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.534578085 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.539216995 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.540265083 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.540277004 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.543926954 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.544899940 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.544928074 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.545514107 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.545522928 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.546658039 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.546685934 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.546713114 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.546721935 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.546811104 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.549273014 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.553185940 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.553352118 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.554205894 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.554219961 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.554467916 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.621335983 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.621361971 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.621517897 CET4434985034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.621545076 CET4434985034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.621866941 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.621885061 CET49850443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.644768000 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.649281979 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.649316072 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.651209116 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.651237011 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.651341915 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.653393984 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.657587051 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.657610893 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.661186934 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.661247015 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.661256075 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.665600061 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.666506052 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.666515112 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.669431925 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.670181990 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.670192003 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.673455000 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.673662901 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.673670053 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.676944017 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.678807974 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.678816080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.682887077 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.682936907 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.682946920 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:13.741857052 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.008641005 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.008822918 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.011174917 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.011183977 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.011261940 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.011341095 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.051282883 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.051290989 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.104701042 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.126864910 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.167498112 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.199434042 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.200730085 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.202079058 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.202090979 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.204829931 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.204988003 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.204994917 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.208728075 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.208944082 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.208956957 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.251883030 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.313014030 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.315221071 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.316103935 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.316905975 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.316920042 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.317147970 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.319363117 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.323065996 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.324412107 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.324424028 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.326798916 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.329046011 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.329055071 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.384825945 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.429471970 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.431216002 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.434458017 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.435003996 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.435261011 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.435281038 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.438699007 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.439192057 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.439204931 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.442641973 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.444158077 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.444169044 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.485662937 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.545612097 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.548727036 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.550925970 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.551333904 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.554836988 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.555026054 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.558279037 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.558293104 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.558820009 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.559078932 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.559084892 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.562786102 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.562882900 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.562891960 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.570499897 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.570575953 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.570589066 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.574382067 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.574445009 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.574456930 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.580857992 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.580919981 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.580929041 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.582483053 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.582540035 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.582545996 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.586975098 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.587332964 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.587337017 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.590676069 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.590862036 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.590867043 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.597649097 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.597709894 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.597717047 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.601660013 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.601747036 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.601752996 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.605494022 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.605743885 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.605752945 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.609524012 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.609580994 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.609586000 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.659015894 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.836343050 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.836421013 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.836647987 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.836682081 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.836697102 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.836704969 CET4434986934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.840914011 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.840939045 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.841012955 CET49869443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.841063023 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.842495918 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.842509985 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.075722933 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.077574968 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.077821016 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.077837944 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.081317902 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.081886053 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.082580090 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.082587004 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.082906008 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.085051060 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.088536024 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.088778019 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.088783979 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.129167080 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.161770105 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.162998915 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.163080931 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.163091898 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.166594028 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.168215036 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.168222904 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.195187092 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.196096897 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.196111917 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.199192047 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.199908018 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.199918032 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.245085001 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.285542011 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.287244081 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.287795067 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.287817001 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.317825079 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.319041014 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.319082022 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.320164919 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.320184946 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.322725058 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.323178053 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.323184967 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.376651049 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.409323931 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.411001921 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.411175966 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.411200047 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.414237976 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.417438984 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.417620897 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.417634010 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.417903900 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.421169996 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.438978910 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.439006090 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.440817118 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.444473982 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.444504976 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.448879004 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.449037075 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.449192047 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.449227095 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.452634096 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.456423044 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.457953930 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.457963943 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.458072901 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.460182905 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.463908911 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.464202881 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.467988968 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.468262911 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.468271017 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.468290091 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.468611956 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.487304926 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.487371922 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.487448931 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.487508059 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.489659071 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.489980936 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.490041018 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.490056992 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.490170002 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.490187883 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.496721029 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.496752977 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.497134924 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.497169018 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.497462034 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.497488022 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.497658968 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.497687101 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.500818968 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.500828981 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.500840902 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501050949 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501058102 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501173019 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501193047 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501269102 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501279116 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501302958 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501380920 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.501389027 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.530023098 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.531991959 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.535474062 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.535922050 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.539055109 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.539326906 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.549269915 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.549295902 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.590641022 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.604471922 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.604526997 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.605003119 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.605149031 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.605977058 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.605997086 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.606439114 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.606668949 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.606693983 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.606744051 CET4434987034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.606812000 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.606883049 CET49870443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.674201965 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.674218893 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.674369097 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.675925016 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.675937891 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.732317924 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.732348919 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.732539892 CET4434986134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.732578039 CET4434986134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.732625961 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.732673883 CET49861443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.765965939 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.768202066 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.769972086 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.769998074 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.794533014 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.794578075 CET4434988434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.795193911 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.796780109 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.796796083 CET4434988434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.812537909 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.829798937 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.831759930 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.832750082 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.832763910 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.856316090 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.856359959 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.864083052 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.868736982 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.868839979 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.868853092 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.870270967 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.870285988 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.913228035 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.913510084 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.913523912 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.917270899 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.929649115 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.962359905 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.964553118 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.964564085 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.966001034 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.966044903 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.966243982 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.967986107 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.967998981 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.995157957 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.998051882 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.998061895 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.007050037 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.007078886 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.010478020 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.012000084 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.012012959 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.044326067 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.045721054 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.045739889 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.077117920 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.078315020 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.078332901 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.104330063 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.104379892 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.107111931 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.109648943 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.109672070 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.109777927 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.115412951 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.115432978 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.142529011 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.157639980 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.157658100 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.175345898 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.175956964 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.175975084 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.224401951 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.236568928 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.236593962 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.250430107 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.250456095 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.273691893 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.277025938 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.277056932 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.306333065 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.308480978 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.308501959 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.355495930 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.357902050 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.357923985 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.359112978 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.371793032 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.404674053 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.408539057 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.408556938 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.453787088 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.456598997 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.456623077 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.486656904 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.490680933 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.490709066 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.519368887 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.520330906 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.520355940 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.552227974 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.556704044 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.556716919 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.584857941 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.600023031 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.600054979 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.605654001 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.605662107 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.650391102 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.650824070 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.650847912 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.682979107 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.685975075 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.685997009 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.715713024 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.716028929 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.716044903 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.761323929 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.761349916 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.781291962 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.781487942 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.781507015 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.814194918 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.816510916 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.816546917 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.846852064 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.848517895 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.848536968 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.895926952 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.901494026 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.901515961 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.928689003 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.930502892 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.930521965 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.934443951 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.934705019 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.934714079 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.945723057 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.947515965 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.947524071 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.956964970 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.957957029 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.957967043 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.979377985 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.979698896 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.983103991 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.983120918 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.983844042 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:16.990659952 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.001888990 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.002513885 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.002531052 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.013278008 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.022098064 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.022109985 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.024544001 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.025074959 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.025082111 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.035830975 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.037424088 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.037432909 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.058263063 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.058449984 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.061280966 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.061300993 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.061453104 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.069492102 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.080720901 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.080807924 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.080822945 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.092209101 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.092252016 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.093468904 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.093480110 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.093568087 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.103295088 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.114793062 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.116029978 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.116040945 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.125900030 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.127708912 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.127717972 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.137154102 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.138811111 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.138820887 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.184509039 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.257812977 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.263380051 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.266565084 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.266597986 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.274843931 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.279983044 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.280002117 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.286137104 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.295622110 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.295634985 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.345994949 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.346014023 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.348401070 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.348443031 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.348659992 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.348668098 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.349338055 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.359719038 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.370997906 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.371043921 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.371054888 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.382271051 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.382741928 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.382754087 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.404807091 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.404851913 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.404864073 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.410442114 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.410496950 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.410504103 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.421688080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.422116041 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.422123909 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.432847023 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.433325052 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.433336973 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.456530094 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.456712961 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.456854105 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.456864119 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.456967115 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.467714071 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.478605986 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.479496956 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.479505062 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.489310026 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.489368916 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.489373922 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.500438929 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.506658077 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.506664038 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.511735916 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.511780977 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.511787891 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.522985935 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.524857044 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.524864912 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.534214020 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.537674904 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.537682056 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.556606054 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.556787968 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.557566881 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.557574987 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.557657957 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.567866087 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.579292059 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.579722881 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.579736948 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.590528011 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.592766047 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.592775106 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.601798058 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.602086067 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.602098942 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.613116980 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.613504887 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.613517046 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.617050886 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.618026972 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.618046045 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.618102074 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.618228912 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.618252993 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.635555029 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.635668993 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.638225079 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.638235092 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.638350010 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.646713018 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.657701015 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.657824993 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.663532972 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.663549900 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.663777113 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.668808937 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.679666042 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.680083990 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.680097103 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.690850019 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.691713095 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.691723108 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.707021952 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.707200050 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.708507061 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.708513975 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.708769083 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.718084097 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.729331970 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.730406046 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.730412960 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.740187883 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.740832090 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.740840912 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.749068975 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.751182079 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.751564026 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.751575947 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.762248993 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.762298107 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.762304068 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.783962965 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.784017086 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.784024954 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.794956923 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.795023918 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.795032024 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.805898905 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.806001902 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.806010962 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.817025900 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.817063093 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.817182064 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.817188025 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.817332029 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.828080893 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.839087009 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.851789951 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.851804972 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.851919889 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.851922035 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.851933002 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.853931904 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.854594946 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.854604006 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.854676008 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.854820013 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.854835033 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.855870008 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.856726885 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.860972881 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.861109018 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.863332033 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.867335081 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.867515087 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.867516041 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.867522955 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.867552042 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.869847059 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.869857073 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.870081902 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.871335983 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.871948004 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.871958017 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.872150898 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.875336885 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.882802963 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.882946014 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.883136034 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.885540962 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.885541916 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.885541916 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.885557890 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.885768890 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.887592077 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.887598038 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.887897968 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.889724970 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.889731884 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.890038013 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.890326977 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.890367031 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.893791914 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.893969059 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.904755116 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.905297041 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.905308008 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.905323029 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.905334949 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.905844927 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.915934086 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.920908928 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.920909882 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.920962095 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.921178102 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.921293020 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.921308041 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.921328068 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.921432972 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.926784039 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.926964998 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.936610937 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.936626911 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.937925100 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.938394070 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.938458920 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.943567038 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.943578005 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.947333097 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.959661007 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.959790945 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.961203098 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.961218119 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.961388111 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.967331886 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.999984980 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.059309959 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.063510895 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.063685894 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.066370010 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.066385031 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.066514969 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.072349072 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.076879978 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.077029943 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.077037096 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.096193075 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.096232891 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.096313953 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.096326113 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.096462965 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.103470087 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.111928940 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.112083912 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.112088919 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.112098932 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.112226963 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.120876074 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.129586935 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.129944086 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.129954100 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.138398886 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.138448954 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.138456106 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.155802011 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.155981064 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.156058073 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.156064987 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.156176090 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.164624929 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.177386045 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.177439928 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.177448988 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.180979967 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.181035042 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.181041956 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.195538998 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.195633888 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.195640087 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.224586964 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.224755049 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.224790096 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.224808931 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.224906921 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.227430105 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.228995085 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.229023933 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.229080915 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.229238987 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.239299059 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.253936052 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.254009008 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.254019976 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.268593073 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.273744106 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.273757935 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.275330067 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.283322096 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.283370972 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.283380032 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.298006058 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.298052073 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.298063040 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.311580896 CET4434988434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.312638044 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.312669992 CET4434988434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.312747002 CET4434988434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.312973022 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.313225031 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.313240051 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.313517094 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.313517094 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.313530922 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.313697100 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.313761950 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.315237045 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.315958977 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.315964937 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.316028118 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.316056013 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.316505909 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.316512108 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.316576958 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.316792011 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.316792965 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.319704056 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.319709063 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.319781065 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.320297003 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.320302010 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.320388079 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.338176966 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.338305950 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.338417053 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.338428974 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.338618040 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.342751026 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.349185944 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.358350992 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.358375072 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.373960018 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.373970985 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.389616013 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.389626980 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.405219078 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.417421103 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.417481899 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.417490959 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.422826052 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.423163891 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.423175097 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.442986965 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.443027020 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.443034887 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.443042040 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.443063974 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.443074942 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.474237919 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.474246025 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.527631044 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.543294907 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.543397903 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.696649075 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.702157021 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.702312946 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.706147909 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.706180096 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:18.718029022 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.011847019 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.130989075 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.136158943 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.136220932 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.136250973 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.181246042 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.252950907 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.253076077 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.297116995 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.297149897 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.350488901 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.690577984 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.694910049 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.695182085 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.697189093 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.697226048 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.697310925 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.706089020 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.717026949 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.717449903 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.717487097 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.728061914 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.728247881 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.728276968 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.749874115 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.749907970 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.749994040 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.750003099 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.750014067 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.750089884 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.760941029 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.773075104 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.807571888 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.813046932 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.813218117 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.813592911 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.813612938 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.816551924 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.823954105 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.835066080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.835601091 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.835617065 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.888736010 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.926428080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.930526018 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.930730104 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.930924892 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.930951118 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.931636095 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.939275026 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.948301077 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.949004889 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.949016094 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.957062960 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.959131956 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.959142923 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.965961933 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.969260931 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.969271898 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.974653959 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.983288050 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.983407974 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.989525080 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.989547014 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.996603966 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.998934984 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.998943090 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.003828049 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.003957033 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.004780054 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.005028963 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.005044937 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.005054951 CET49871443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.005060911 CET4434987134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.005379915 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.008521080 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.008529902 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.013546944 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.013578892 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.013801098 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.015223026 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.015235901 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.043531895 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.046598911 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.046760082 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.046982050 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.046994925 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.047135115 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.061525106 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.070427895 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.070511103 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.070770979 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.070786953 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.070820093 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.070823908 CET4434987634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.071264982 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.071319103 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.072076082 CET49876443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.072110891 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.072269917 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.072283983 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.076113939 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.076337099 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.076351881 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.090658903 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.091224909 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.091242075 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.119721889 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.119946957 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.119960070 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.119971991 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.120085001 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.121750116 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122077942 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122222900 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122251034 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122257948 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122267962 CET4434987334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122436047 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122450113 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122450113 CET49873443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122594118 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.122627020 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.125672102 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.125861883 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.125880003 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.136648893 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.136709929 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.136866093 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.136890888 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.136926889 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.136933088 CET4434987234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.137026072 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.137506008 CET49872443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.149107933 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.149281025 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.149295092 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.149306059 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.149399996 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.163758993 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.178397894 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.178605080 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.191468000 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.191478968 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.194910049 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.194917917 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.204168081 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.204221010 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.204229116 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.215153933 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.217621088 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.217632055 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.217814922 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.217870951 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.218054056 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.218075037 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.218099117 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.218105078 CET4434987534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.218194962 CET49875443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.242712975 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.242779016 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.242841005 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.242996931 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.242996931 CET49874443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.243007898 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.243016005 CET4434987434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.246687889 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.246731043 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.247004032 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.247143984 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.247163057 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.247175932 CET49877443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.247183084 CET4434987734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.276098967 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.276107073 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.279943943 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.280054092 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.280061007 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.290909052 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.291026115 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.291033983 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.301842928 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.301938057 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.301948071 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.323734999 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.323863983 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.327671051 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.327680111 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.328558922 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.334703922 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.345709085 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.345789909 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.345985889 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.346177101 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.346196890 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.346208096 CET49862443192.168.2.734.117.121.53
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.346216917 CET4434986234.117.121.53192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.398066998 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.398094893 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.398488998 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.398648024 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.398657084 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.472249031 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.472306013 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.472569942 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.472589016 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.472824097 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.472850084 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.473416090 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.473423958 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.473571062 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.473792076 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.473798037 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.473813057 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.473968983 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.474011898 CET4434988334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.477196932 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:20.477196932 CET49883443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.181794882 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.181837082 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.182069063 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.183525085 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.183541059 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277311087 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277337074 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277431965 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277431965 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277489901 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277489901 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277546883 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277569056 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277570009 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277581930 CET4434988734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277611971 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277621984 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277637005 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277656078 CET4434988834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277692080 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277744055 CET4434988534.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277772903 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277780056 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277787924 CET49887443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277790070 CET4434988434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277797937 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277806997 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277806997 CET49888443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277826071 CET4434988634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277831078 CET4434988434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277868986 CET49885443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277880907 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277880907 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277901888 CET49886443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.277901888 CET49884443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.590333939 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.591640949 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.591675043 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.591743946 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.591835976 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.591850996 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.591864109 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.592363119 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.592755079 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.593564034 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.594959974 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.594969988 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.595257998 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.597381115 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.597392082 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.597659111 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.609380007 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.609411001 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.609416008 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.609463930 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.646914959 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.731981993 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.732882977 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.736061096 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.736073017 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.736260891 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.747826099 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.791327953 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.204588890 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.204816103 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.204890013 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.204921007 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.205564022 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.207528114 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.207848072 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.207873106 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.207886934 CET49893443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.207895994 CET4434989334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.210855961 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.210923910 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.211029053 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.211286068 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.211286068 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.211307049 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.211318970 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.213964939 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.214032888 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.214404106 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.214484930 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.214883089 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.214920998 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222363949 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222400904 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222402096 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222636938 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222636938 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222655058 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222670078 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222862005 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222881079 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222907066 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.222913027 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.223493099 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.223511934 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.252451897 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.252490997 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.258546114 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.258732080 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.258749008 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.260858059 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.260885954 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.261406898 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.262870073 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.262888908 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.475413084 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.493168116 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.493191957 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.493280888 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.493390083 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.535334110 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.552277088 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.984352112 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.984431982 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.984549999 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.985157967 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.985186100 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.985198021 CET49900443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.985204935 CET4434990034.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.590867043 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.590881109 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.592909098 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.595628023 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.595637083 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.595848083 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.648371935 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.684648991 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.684717894 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.684856892 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.687436104 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.687447071 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.687697887 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.688512087 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.688544035 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.688612938 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.688870907 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.689296007 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.731328964 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:23.735330105 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.253526926 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.253596067 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.253837109 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.253859043 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.254019976 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.254162073 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.254167080 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.257904053 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.257958889 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.257966042 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.271481991 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.276237011 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.276246071 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.285001993 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.285212040 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.285219908 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.338682890 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.348721981 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.348805904 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.348921061 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.349164963 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.349188089 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.349200010 CET49903443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.349205971 CET4434990334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.353113890 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.353163004 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.353303909 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.354713917 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.354723930 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.535058975 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.541616917 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.541712999 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.541729927 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.541759968 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.541888952 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.555263996 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.568727970 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.568950891 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.568967104 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.582159042 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.582355022 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.582371950 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.595604897 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.595962048 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.595974922 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.622459888 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.622575998 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.622761011 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.622771978 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.622904062 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.635906935 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.649322033 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.649534941 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.649554014 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.662976980 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.663542986 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.663552046 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.708559990 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.708578110 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.755434036 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.854773998 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.857912064 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.858983040 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.859019995 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.884922981 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.884973049 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.885093927 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.885143995 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.885281086 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.898158073 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.911691904 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.911746979 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.915596008 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.915611982 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.915786028 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.925225973 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.938703060 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.940462112 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.940474987 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.952158928 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.955518007 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.955530882 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.965586901 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.965683937 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.965696096 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.979231119 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.992681980 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.993808985 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:24.993819952 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.006107092 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.009414911 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.009423018 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.018110991 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.024296045 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.024305105 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.030292988 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.040678978 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.040689945 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.094085932 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.094861031 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.107348919 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.107511997 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.107769012 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.107775927 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.107938051 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.116991043 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.126360893 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.135803938 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.136065006 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.141020060 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.141031981 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.145498991 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.146608114 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.146615028 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.159492016 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.159821033 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.160824060 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.160835981 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.160876989 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.168900013 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.178147078 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.178201914 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.178210020 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.187786102 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.187911034 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.187920094 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.197128057 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.197182894 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.197190046 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.206547976 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.206605911 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.206613064 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.225625038 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.225670099 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.226263046 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.226280928 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.226365089 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.234265089 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.239774942 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.239828110 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.239837885 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.245523930 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.245582104 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.245603085 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.251104116 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.251245022 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.251275063 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.256700039 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.256752968 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.256783962 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.267741919 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.267832994 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.267992973 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.268017054 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.268567085 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.326589108 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.328953981 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.329097986 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.329130888 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.329143047 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.329617023 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.334464073 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.340197086 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.340267897 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.340276957 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.340291023 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.340425968 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.344708920 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.351697922 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.351747990 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.351752996 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.351773977 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.351856947 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.356277943 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.361229897 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.361377001 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.361392021 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.365777016 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.370325089 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.370439053 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.372077942 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.372088909 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.375175953 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.375228882 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.375235081 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.384418964 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.384588957 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.384597063 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.384603977 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.384857893 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.389189005 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.393776894 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.393934011 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.394011974 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.394020081 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.394125938 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.394294977 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.394315004 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.394325972 CET49902443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.394331932 CET4434990234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.521277905 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.521341085 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.521399021 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.521500111 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:25.521511078 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.150274038 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.154402018 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.154421091 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.154488087 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.154587030 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.199336052 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.240101099 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.796638012 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.796729088 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.797008991 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.797032118 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.797043085 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.797054052 CET4434990934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.798489094 CET49909443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.804368019 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.804414988 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.804630995 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.806071043 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:26.806092978 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.002974987 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.003052950 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.005857944 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.005870104 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.006109953 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.010752916 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.055322886 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.528453112 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.528719902 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.528764009 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.528765917 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.528779984 CET4434990134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.542923927 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.542965889 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.542965889 CET49901443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.772517920 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.772569895 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.772691011 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.772723913 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.773081064 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.773451090 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.773457050 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.785113096 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.785176039 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.785187960 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.823295116 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.823402882 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.823412895 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.848949909 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.849179029 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.849189043 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:27.944045067 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.003812075 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.022243977 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.022650957 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.022670984 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.041743994 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.041825056 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.041836023 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.044795036 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.046027899 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.046052933 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.046111107 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.046199083 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.055238962 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.055334091 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.057096958 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.057179928 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.057198048 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.057208061 CET49910443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.057214022 CET4434991034.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.076406956 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.076436996 CET4434991834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.076545954 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.076916933 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.076926947 CET4434991834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.087330103 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.094343901 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.094381094 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.094479084 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.094620943 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.094633102 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:28.096653938 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.095623970 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.095696926 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.096951008 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.097307920 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.097307920 CET49915443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.097326994 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.097336054 CET4434991534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.101902962 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.101936102 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.102493048 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.103962898 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.103991985 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.873037100 CET4434991834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.873281956 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.876306057 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.876326084 CET4434991834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.876629114 CET4434991834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.930093050 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.983625889 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.984059095 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.986740112 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.986763954 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.987071991 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.990967035 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.035335064 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.051237106 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.433126926 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.559593916 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.567747116 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.567785978 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.567883015 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.567960978 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.611327887 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.622899055 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.745883942 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.746226072 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.746298075 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.746321917 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.747179031 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.750756979 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.750775099 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.751034975 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.753971100 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.776029110 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.783823967 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.783843040 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.792594910 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.794212103 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.794229031 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.844274998 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.902882099 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.937773943 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.937870026 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.937886000 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.944500923 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.944576025 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.944585085 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.954298019 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.954363108 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.954370975 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.964013100 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.973691940 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.974133015 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.979991913 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.980012894 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.993177891 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.993216038 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.993249893 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.993269920 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.993395090 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.002842903 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.012712955 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.012770891 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.012787104 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.022484064 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.022547007 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.022564888 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.080579996 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.130050898 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.144798040 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.144872904 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.144896984 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.150561094 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.150612116 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.150624990 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.196475983 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.196490049 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.215801001 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.215884924 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.227787971 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.228099108 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.228126049 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.228138924 CET49921443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.228144884 CET4434992134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.233285904 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.233340979 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.240871906 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.242248058 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.242273092 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.243359089 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.386810064 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.391125917 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.391254902 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.397056103 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.397069931 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.410204887 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.410520077 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.412369013 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.412377119 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.420087099 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.424576998 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.424587011 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.429809093 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.432466030 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.432481050 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.439558983 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.442831039 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.442840099 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.449261904 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.450954914 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.450963020 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.468565941 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.468730927 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.470592976 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.470601082 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.470706940 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.478380919 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.488156080 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.488245964 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.488255024 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.497980118 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.498034954 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.498044968 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.507674932 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.509617090 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.509640932 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.517492056 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.517643929 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.517652035 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.535917044 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.536035061 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.536231041 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.536243916 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.536381960 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.544797897 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.597001076 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.597033978 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.658461094 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.745639086 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.756057024 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.756105900 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.756131887 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.758760929 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.758796930 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.773858070 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.773960114 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.774411917 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.774449110 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.774970055 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.866437912 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.870506048 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.874680042 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.874716043 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.883968115 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.884016991 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.890270948 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.890296936 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.890446901 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.892852068 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.900252104 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.900362968 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.901792049 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.901803017 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.901921988 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.907807112 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.915400982 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.921510935 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.921521902 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.922988892 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.923044920 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.923052073 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.930428982 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.939022064 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.943006039 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.943021059 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.943217993 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.945400000 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.952802896 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.953002930 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.953054905 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.953066111 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.953161001 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.960279942 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.967720032 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.967879057 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.970601082 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.970628977 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.970731020 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.975243092 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.982883930 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.990597010 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.990611076 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.990622997 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.996342897 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.996359110 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.997503996 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.999017000 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:31.999023914 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.011558056 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.011612892 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.011641979 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.018327951 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.018495083 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.021795988 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.021805048 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.022938967 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.110335112 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.113115072 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.113395929 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.113430023 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.120021105 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.122090101 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.122118950 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.126909971 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.127058983 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.127089024 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.133903980 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.134697914 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.134728909 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.140795946 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.141100883 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.141134024 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.154426098 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.154710054 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.155066967 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.155093908 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.155205965 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.161303997 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.168519020 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.168577909 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.168755054 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.168787956 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.168843031 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.175360918 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.182856083 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.183154106 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.183180094 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.189524889 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.191174984 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.191184044 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.202922106 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.202996969 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.204957008 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.204977989 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.205187082 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.210055113 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.216731071 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.216809988 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.219348907 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.219361067 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.224921942 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.227735996 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.227840900 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.231709003 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.231717110 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.231940031 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.231950045 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.236104965 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.239542007 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.239547968 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.239826918 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.241276979 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.241283894 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.244112968 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.244198084 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.244204998 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.251341105 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.251462936 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.254367113 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.254374027 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.254592896 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.255219936 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.259095907 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.259671926 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.259680033 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.263189077 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.263267994 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.263273001 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.266951084 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.269155025 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.269160986 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.320096016 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.462515116 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.464118004 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.464221001 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.467684984 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.468041897 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.471708059 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.474553108 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.474673986 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.477488995 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.480453014 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.481475115 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.481501102 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.483658075 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.486498117 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.486635923 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.489387989 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.489531994 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.492404938 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.495358944 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.495472908 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.498339891 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.501370907 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.501684904 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.501718044 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.502459049 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.507285118 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.507330894 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.510229111 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.510373116 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.513284922 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.513425112 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.513761997 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.513786077 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.514013052 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.516429901 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.519159079 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.520839930 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.521790028 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.521809101 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.523848057 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.526669025 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.526911020 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.529716015 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.529818058 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.532866001 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.535330057 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.535351038 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.535782099 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.535854101 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.535861969 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.538763046 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.539031029 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.539041996 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.544483900 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.544712067 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.545536995 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.545552015 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.545732021 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.547514915 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.550501108 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.550614119 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.552953005 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.552967072 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.553158045 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.553381920 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.556474924 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.556502104 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.558634043 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.558646917 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.558716059 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.559618950 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.563283920 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.565965891 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.565979958 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.566133976 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.566195965 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.566201925 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.571367979 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.571564913 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.572166920 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.572180033 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.572316885 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.574240923 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.577244043 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.577357054 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.580137968 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.582247019 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.582264900 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.583275080 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.586129904 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.586262941 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.587938070 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.587951899 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.642718077 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.694993973 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.695789099 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.696602106 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.696623087 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.698668957 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.699704885 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.699712992 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.702953100 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.703118086 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.703308105 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.703334093 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.705224037 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.706063032 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.708935022 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.709062099 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.712094069 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.714890957 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.715029955 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.717941999 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.718024015 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.720923901 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.723570108 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.723583937 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.724040985 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.724438906 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.724445105 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.724631071 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.726914883 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.729877949 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.729934931 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.729942083 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.732938051 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.736670017 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.736677885 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.783890009 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.807818890 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.808733940 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.808856964 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.811713934 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.811845064 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.812297106 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.812314987 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.814146996 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.814687967 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.816601038 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.816749096 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.817090988 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.817099094 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.817316055 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.818752050 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.820626974 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.821083069 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.821091890 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.822563887 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.822799921 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.822807074 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.826313019 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.826456070 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.827497959 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.827506065 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.827569008 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.828252077 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.830120087 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.830287933 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.830509901 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.830516100 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.830629110 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.832102060 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.834197044 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.835164070 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.835172892 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.836102009 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.836157084 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.836165905 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.838840008 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.838887930 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.838897943 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.840837002 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.840904951 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.840970993 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.840981007 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.841059923 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.842818975 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.844770908 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.845340014 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.845351934 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.846725941 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.846931934 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.846940994 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.848649979 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.849198103 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.849206924 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.852355003 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.852483988 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.852494001 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.852505922 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.852601051 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.854304075 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.856327057 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.856559992 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.856581926 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.858282089 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.858376026 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.858390093 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.860239983 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.860450029 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.860470057 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.862147093 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.862653017 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.862664938 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.865900993 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.865943909 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.866024971 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.866826057 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.866842031 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.925024033 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.925059080 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.925457954 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.925528049 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.925534010 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.927433968 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.929048061 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.930948973 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.931088924 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.932811022 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.932952881 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.934751034 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.934897900 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.935113907 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.935123920 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.935256958 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.936621904 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.938638926 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.938694954 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.938702106 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.940562963 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.940629959 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.940640926 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.942549944 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.942617893 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.942625046 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.945271969 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.945322990 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.945328951 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.946995020 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.948795080 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.948981047 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.950725079 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.950839996 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.952680111 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.952883959 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.954637051 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.955226898 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.955239058 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.955387115 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.956430912 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.958971977 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.959005117 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.959043980 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.959052086 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.959238052 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.960174084 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.960264921 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.961296082 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.961313009 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.961364031 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.961450100 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.962204933 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.962472916 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.962480068 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.964086056 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.964147091 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.964153051 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.965917110 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.965993881 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.966000080 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.969607115 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.969686031 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.969692945 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.971443892 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.971518993 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.971525908 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.973323107 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.973388910 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.973395109 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.975199938 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.975270987 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.975276947 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.977111101 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.977175951 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.977183104 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.979126930 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.979187965 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.979195118 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.980998993 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.981061935 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.981069088 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.982882023 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.982940912 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:32.982947111 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.007332087 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.026756048 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.043903112 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.044662952 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.044718027 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.044744968 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.046286106 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.047256947 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.047262907 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.048223019 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.048379898 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.048387051 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.051690102 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.051749945 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.051755905 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.053219080 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.054424047 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.054548979 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.056293964 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.056407928 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.057179928 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.057188034 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.058042049 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.058407068 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.058412075 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.061405897 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.061465025 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.061470032 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.063173056 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.063232899 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.063239098 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.064949036 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.065052032 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.065061092 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.066817045 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.068531036 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.068658113 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.070441961 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.070687056 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.071957111 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.073594093 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.073604107 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.073875904 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.073883057 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.073888063 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.073959112 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.075508118 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.077270031 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.077404022 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.079011917 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.079178095 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.080782890 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.080892086 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.082745075 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.084441900 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.084568977 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.084815025 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.084835052 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.086143970 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.087743044 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.087922096 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.089215994 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.089224100 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.091308117 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.091566086 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.093038082 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.093172073 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.094896078 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.095468044 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.095477104 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.096704006 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.096767902 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.096774101 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098356962 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098414898 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098421097 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098443031 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098618984 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098800898 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098818064 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098826885 CET49919443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.098833084 CET4434991934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.128220081 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.128247023 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.128415108 CET4434991834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.128448009 CET4434991834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.138550997 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.138582945 CET49918443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.142677069 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.159868956 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.159949064 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.172473907 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.174146891 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.174170971 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.239748001 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.239794970 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.240884066 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.241039038 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.241050005 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.722676039 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.722757101 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.729204893 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.729520082 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.729521036 CET49925443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.729537010 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.729545116 CET4434992534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.734245062 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.734288931 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.734569073 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.735982895 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.735995054 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.498574972 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.498590946 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.515330076 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.518313885 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.518321991 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.518577099 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.524009943 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.535491943 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.538646936 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.538667917 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.538966894 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.555917025 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.603334904 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.656507015 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.090506077 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.093337059 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.093353987 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.093400955 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.093539953 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.139339924 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.140661955 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.276283979 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.276329041 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.276820898 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.276846886 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.277626038 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.277654886 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.281718016 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.281749010 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.287039995 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.297844887 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.297960043 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.302004099 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.302017927 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.308938980 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.312355995 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.312525988 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.312542915 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.312568903 CET49932443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.312573910 CET4434993234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.330763102 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.330811977 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.330929995 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.331159115 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.331167936 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.844423056 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.844504118 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.846972942 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.847381115 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.847408056 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.847419024 CET49933443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.847424984 CET4434993334.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.852324963 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.852349043 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.853837013 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.855374098 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.855385065 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:36.649101019 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:36.653621912 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:36.656476021 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:36.656502008 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:36.656773090 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:36.657696009 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:36.703332901 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.389672995 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.389950991 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.390062094 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.399332047 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.399878025 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.400856972 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.400868893 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.400933981 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.401192904 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.401293039 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.401293039 CET49938443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.401312113 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.401321888 CET4434993834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.443331003 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.488826990 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.488878012 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.489588976 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.489793062 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.489808083 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:37.541337967 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.074028015 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.074095964 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.098681927 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.099067926 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.099082947 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.099092960 CET49940443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.099102020 CET4434994034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.104360104 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.104422092 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.104715109 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.106218100 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.106242895 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.349356890 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.349356890 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.349571943 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.349608898 CET4434993134.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.356139898 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.356139898 CET49931443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.819240093 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.822880030 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.826123953 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.826139927 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.826327085 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.833363056 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:38.879328966 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.313993931 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.314023018 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.314273119 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.316482067 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.316895962 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.316910982 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.316920042 CET49941443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.316925049 CET4434994134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.322959900 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.323023081 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.335278034 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.335426092 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.335443974 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.349000931 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.349054098 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.363696098 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.363867044 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.363881111 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.369632959 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.378021955 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.378057957 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.378113031 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.378243923 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.419332981 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:39.437742949 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.005095005 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.005150080 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.005248070 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.005609035 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.005623102 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.005633116 CET49946443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.005640030 CET4434994634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.012412071 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.012433052 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.024127960 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.025599003 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.025610924 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.448160887 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.573885918 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.672885895 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.672902107 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.690638065 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.693914890 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.693928957 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.694143057 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.700484037 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.700498104 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.710786104 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.713654041 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.713670015 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.713898897 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.723690033 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.751323938 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.771337986 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.154189110 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.154325962 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.154369116 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.154387951 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.155078888 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.155673981 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.155864954 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.155889034 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.155900955 CET49949443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.155908108 CET4434994934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.267932892 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.268002987 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.268352985 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.268496037 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.268515110 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.443873882 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.448968887 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.448999882 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.449093103 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.449151039 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.495336056 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:41.498260975 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.010179996 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.010272026 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.034691095 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.035115004 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.035140038 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.035166025 CET49952443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.035171986 CET4434995234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.039577007 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.039614916 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.039766073 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.041301966 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.041316032 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.507000923 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.508394957 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.511262894 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.511285067 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.511517048 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.526928902 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:42.571332932 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.072918892 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.072954893 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.073415041 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.073465109 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.074505091 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.074527025 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.080816031 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.080848932 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.081271887 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.089526892 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.089708090 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.090898991 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.090924978 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.131419897 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.234864950 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.264806986 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.264910936 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.264940023 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.268969059 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.272963047 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.272984982 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.277473927 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.283035994 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.283055067 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.294116974 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.294262886 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.302510977 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.302634001 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.310954094 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.311222076 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.315196991 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.315224886 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.316116095 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.316169977 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.319416046 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.327990055 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.328043938 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.328063965 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.336883068 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.343594074 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.343611002 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.345571041 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.345658064 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.345673084 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.362986088 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.364720106 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.364737988 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.364789963 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.364867926 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.393922091 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.393948078 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.411335945 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.434267998 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.454524040 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.456721067 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.460747957 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.467498064 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.467533112 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.474752903 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.474788904 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.475927114 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.484337091 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.484411001 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.484872103 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.484894037 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.501089096 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.501233101 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.507970095 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.508210897 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.514740944 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.515063047 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.515117884 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.515141964 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.515402079 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.811381102 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.812067032 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.812097073 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.812881947 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.812907934 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.813657999 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.813682079 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.814512014 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.815253019 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.815274954 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.817949057 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.817992926 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.818442106 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.818686008 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.818686008 CET49956443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.818707943 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.818720102 CET4434995634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.928422928 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.928472042 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.939080954 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.939263105 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:43.939282894 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.126919985 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.127002001 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.136378050 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.136672020 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.136672020 CET49957443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.136698008 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.136706114 CET4434995734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.143757105 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.143788099 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.151747942 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.153537989 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.153546095 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.412606001 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.412606001 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.412882090 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.412919998 CET4434994834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.418906927 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:44.418937922 CET49948443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.141124010 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.141135931 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.159744024 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.162695885 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.162703991 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.162950993 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.179409981 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.227334023 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.698697090 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.704797983 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.704803944 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.704858065 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.704978943 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.747334957 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.764000893 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.990123034 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.990169048 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.990607977 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.990633965 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.991513014 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.991835117 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.997997999 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.998019934 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.999326944 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:45.999360085 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.005939960 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.006015062 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.006278038 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.006290913 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.006302118 CET49963443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.006305933 CET4434996334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.015626907 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.015671015 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.031310081 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.031586885 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.031599045 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.038064003 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.038117886 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.046436071 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.046751976 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.046770096 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.456209898 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.456294060 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.470463991 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.470942974 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.470958948 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.470968962 CET49964443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.470973969 CET4434996434.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.475558996 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.475603104 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.475716114 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.477138042 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.477152109 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.335997105 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.336010933 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.337029934 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.337045908 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.337074995 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.337565899 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.340524912 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.340534925 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.340781927 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.343132019 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.343144894 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.343400002 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.357538939 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.397631884 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.403326035 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.988367081 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.992786884 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.992818117 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.992863894 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:47.992961884 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.039324999 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.042166948 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.101038933 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.101090908 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.101118088 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.101768017 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.102500916 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.102511883 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.103419065 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.103450060 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.104121923 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.104151964 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.124475002 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.124485970 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.124867916 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.362873077 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.401067019 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.404767990 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.404930115 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.405267954 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.405288935 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.405302048 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.425431967 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.425442934 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.486063957 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.594396114 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.594540119 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.594614029 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.607139111 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.607438087 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.607461929 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.607474089 CET49971443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.607480049 CET4434997134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.679053068 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.679088116 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.688060045 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.688102007 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.688112974 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.926186085 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.926393032 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.926939964 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.927236080 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.927261114 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.927273035 CET49972443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.927285910 CET4434997234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.933608055 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.933646917 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.933953047 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.935436964 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:48.935460091 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.909017086 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.909033060 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.917587042 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.920660973 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.920674086 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.920952082 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.938064098 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:49.983326912 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.290255070 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.302098036 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.302118063 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.302170992 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.302289009 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.347323895 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.350663900 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.350708961 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.351188898 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.351218939 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.352099895 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.352129936 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.358406067 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.361386061 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.361423016 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.361442089 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.362936020 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.363667965 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.363676071 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.363873005 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.370879889 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.442177057 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.496097088 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.542551041 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.542896986 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.542916059 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.546760082 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.563072920 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.563086987 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565253973 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565289021 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565320015 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565335035 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565418005 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565423012 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565476894 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565661907 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565677881 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565687895 CET49978443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.565692902 CET4434997834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.603353024 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.640173912 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.640223980 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.643699884 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.643897057 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.643919945 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:50.839879036 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.109410048 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.109483004 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.118204117 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.118578911 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.118594885 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.118606091 CET49979443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.118609905 CET4434997934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.124912977 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.124946117 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.128335953 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.129829884 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.129842997 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.390866041 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.390888929 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.391047001 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.391084909 CET4434997034.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.391488075 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:51.391501904 CET49970443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.023962975 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.027502060 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.030672073 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.030692101 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.031008959 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.031321049 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.079329014 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.478209972 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.480518103 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.480545044 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.480601072 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.480746984 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.523329020 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.539676905 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.560288906 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.560509920 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.560805082 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.564764023 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.565263033 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.565263033 CET49983443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.565299988 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.565311909 CET4434998334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.608494997 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.608542919 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.617674112 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.617904902 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.617917061 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.639307022 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.639354944 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.640578985 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.640763044 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:52.640778065 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.189263105 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.189332008 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.205656052 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.206034899 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.206046104 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.206099033 CET49985443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.206104040 CET4434998534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.922782898 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.922796965 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.922904968 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.924949884 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.925966024 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.925976038 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.926202059 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.926589966 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.929110050 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.929119110 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.929363012 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.932480097 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:53.979324102 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.052923918 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.775713921 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.775883913 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.779243946 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.780049086 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.780066967 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.780081034 CET49988443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.780088902 CET4434998834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.796780109 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.796828032 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.796917915 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.797034979 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:54.797046900 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.520325899 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.527328968 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.534966946 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.535012007 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.538068056 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.538093090 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.538395882 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.539408922 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:56.583331108 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.128864050 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.129005909 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.133594036 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.134001017 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.134023905 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.134068966 CET49993443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.134077072 CET4434999334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.167279959 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.167340040 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.182056904 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.182269096 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.182287931 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.951056004 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.951263905 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.951299906 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.951303005 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.951322079 CET4434998734.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.956204891 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.956222057 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:57.956222057 CET49987443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.486490011 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.486505032 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.494517088 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.498681068 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.498697042 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.498928070 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.499808073 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:58.543330908 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.055959940 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.056442022 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.056467056 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.056880951 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.060502052 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.060516119 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.068957090 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.069046021 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.076993942 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.077147007 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.077215910 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.080684900 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.081525087 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.081540108 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.081559896 CET49998443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.081566095 CET4434999834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.107788086 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.107841015 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.121064901 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.121267080 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.121285915 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.137448072 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.137499094 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.143157959 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.143320084 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:59.143337965 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.395632982 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.395706892 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.395766020 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.395778894 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.396100998 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.398905993 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.398916960 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.399223089 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.401971102 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.401983023 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.402219057 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.402311087 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.441994905 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.447321892 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:00.865309954 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.048036098 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.048082113 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.048108101 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.048716068 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.067321062 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.067424059 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.068437099 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.068455935 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.068465948 CET50005443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.068471909 CET4435000534.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.082139015 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.098453999 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.098498106 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.107822895 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.108143091 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:01.108151913 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.401575089 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.401590109 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.419238091 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.422399044 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.422410965 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.422770023 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.427011013 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.467341900 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.912400961 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.912739992 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.912774086 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.913249016 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.913296938 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.923862934 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.924216032 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.924233913 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.924247980 CET50008443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.924252033 CET4435000834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.988152027 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.988188028 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.988719940 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.988861084 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.988876104 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.204899073 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.204938889 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.205111027 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.206815958 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.206828117 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.466861963 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.466861963 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.467154026 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.467191935 CET4435000334.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.467217922 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.467267036 CET50003443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.148516893 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.148624897 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.151527882 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.151536942 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.151765108 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.161839008 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.203335047 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.699565887 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.699662924 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.699887037 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.699887037 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.700103045 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.700314045 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.700330973 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.700341940 CET50012443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.700349092 CET4435001234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.731362104 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.734781027 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.734808922 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.734863043 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.734934092 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.736675024 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.736773014 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.736908913 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.737045050 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.737081051 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.775326014 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:05.778925896 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.248742104 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.249027967 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.249428988 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.250036955 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.250036955 CET50014443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.250056028 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.250066996 CET4435001434.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.965342999 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.965451002 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.969109058 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.969118118 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.969391108 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:06.988523960 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.035350084 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.540966034 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.541088104 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.541193962 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.541554928 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.541582108 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.541595936 CET50019443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.541604042 CET4435001934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.550719976 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.550757885 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.550854921 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.550971985 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:07.550981045 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:08.853966951 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:08.854068995 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:08.857583046 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:08.857594967 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:08.857862949 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:08.870857954 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:08.915323973 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.463567019 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.463597059 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.463656902 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.463681936 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.463951111 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.463960886 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.463978052 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.464112997 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.464138031 CET4435002434.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.466747046 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.466763020 CET50024443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.471210003 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.471240997 CET4435002634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.472286940 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.472497940 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.472512960 CET4435002634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.497111082 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.497133017 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.497204065 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.497359991 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:09.497374058 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.029689074 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.029772997 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.032716036 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.032725096 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.032972097 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.036015034 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.038165092 CET4435002634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.038244009 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.040766954 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.040777922 CET4435002634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.041009903 CET4435002634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.079329967 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.096177101 CET4976180192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.096175909 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.361345053 CET804976134.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.671199083 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.671345949 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.671521902 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.671722889 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.671740055 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.671749115 CET50028443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.671755075 CET4435002834.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.684516907 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.684552908 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.684673071 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.684823990 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:11.684839964 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.139159918 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.143337965 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.145284891 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.150952101 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.150966883 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.151238918 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.165841103 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.211327076 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.605667114 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.605725050 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.605943918 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.605968952 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.606159925 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.606225014 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.606493950 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.606667042 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.606683969 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.606695890 CET50033443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.606700897 CET4435003334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.633826017 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.633852959 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.633958101 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.634078979 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:13.634092093 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.053106070 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.053241014 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.056166887 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.056174994 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.056431055 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.056900978 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.103339911 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515269995 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515321970 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515377998 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515393972 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515466928 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515538931 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515733957 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515733957 CET50039443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515748024 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.515753031 CET4435003934.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521003008 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521039009 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521229982 CET4435002634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521267891 CET4435002634.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521390915 CET50044443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521445036 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521720886 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521742105 CET50026443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521773100 CET50044443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521935940 CET50044443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:15.521953106 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:17.354934931 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:17.355268955 CET50044443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:17.358455896 CET50044443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:17.358475924 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:17.358772993 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:17.359118938 CET50044443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:17.399342060 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:18.398401976 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:18.398475885 CET4435004434.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:18.398525953 CET50044443192.168.2.734.160.144.191

                                                                                                                                                                                                                                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.560499907 CET5930753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.561675072 CET5830253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.636646986 CET6013253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.721822977 CET53593071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724256992 CET6410453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724512100 CET5803753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.887432098 CET5125053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.888684034 CET5366253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.946696997 CET53601321.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.947441101 CET6364953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.954431057 CET53580371.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.955013037 CET5510153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.955076933 CET53641041.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.955625057 CET6218353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.222078085 CET53551011.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.222091913 CET53621831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.225152016 CET53536621.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.229624987 CET53636491.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.312325001 CET53512501.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.672123909 CET5206553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.673341990 CET6479153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.268935919 CET5049653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.279138088 CET5736053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.279634953 CET5918453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.369582891 CET5369953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.371131897 CET5838753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.561424971 CET53520651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.562139988 CET5545753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.673830032 CET6479153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.893342972 CET53647911.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.894352913 CET6085253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001136065 CET53591841.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001141071 CET53573601.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001151085 CET53504961.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001352072 CET53536991.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.014700890 CET6197453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.071439981 CET53554571.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.071486950 CET53647911.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.074604034 CET6364953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.439263105 CET53608521.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.560951948 CET53619741.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.632399082 CET5437153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.823894978 CET53636491.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.824738026 CET6050753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.985208035 CET6209153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.126697063 CET53543711.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.132172108 CET5286953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.147386074 CET53605071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.390300989 CET53528691.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.577678919 CET5517953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET53551791.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.259795904 CET53627421.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.586350918 CET5940453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.686625957 CET6138353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.735209942 CET53594041.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.738495111 CET5795253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.116513968 CET53579521.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.181797028 CET53613831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.216490030 CET6039053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.217210054 CET6271353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.280800104 CET5873553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.686233997 CET53603901.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.686486006 CET53627131.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.688673019 CET5903053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.689817905 CET6338853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.280328989 CET5873553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.284346104 CET53590301.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.692014933 CET6338853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.972419977 CET53587351.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.973829031 CET6035553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.324345112 CET53633881.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.327953100 CET5304853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.580646038 CET53603551.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.712374926 CET5664753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.161041021 CET53566471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.332880020 CET5304853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.533790112 CET53530481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:29.466342926 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.514767885 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.514801025 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.519262075 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.690303087 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.690426111 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.690474033 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.705347061 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.820786953 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.820812941 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.041363955 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.041419029 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.045763969 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.060554981 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.060709000 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.422494888 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.422528982 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.731951952 CET5187753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.861028910 CET6152753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.023571968 CET53518771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.025010109 CET5979953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.094739914 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.094947100 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.094954967 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.095519066 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET53615271.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.145905018 CET6305653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.205368996 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.205552101 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.205559969 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.205636978 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.205754995 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.206193924 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.206201077 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.206214905 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.249358892 CET53597991.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.259022951 CET5269053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.377958059 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.378848076 CET5064453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET53630561.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.507004023 CET5282353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.568959951 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.570786953 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.580739021 CET53526901.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.592201948 CET53506441.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.710804939 CET53528231.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.718099117 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.718827963 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.861638069 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.861685991 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.914619923 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:33.914663076 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.238724947 CET53614471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.305933952 CET6265453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.570698023 CET5220853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.571103096 CET5583653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.604300976 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.604324102 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.119023085 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.119832039 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.124433041 CET4435664834.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.155410051 CET56648443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.302581072 CET6265453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.304069042 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.499603987 CET53626541.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.500382900 CET5644553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.572344065 CET5583653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.572371006 CET5220853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.577078104 CET5872253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.713424921 CET53522081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.714200020 CET6241053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.714231014 CET53558361.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.714929104 CET6284353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.904366016 CET5699253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.068917036 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.069753885 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.078037024 CET44356738142.250.181.142192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.105035067 CET56738443192.168.2.7142.250.181.142
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.186321974 CET53626541.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.189670086 CET53558361.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.190983057 CET53587221.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.192462921 CET53564451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.193175077 CET5966853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.229338884 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.310142040 CET53628431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.310832977 CET5536053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.313549042 CET53569921.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.408587933 CET53624101.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.423630953 CET5790553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.519407988 CET53596681.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.520226002 CET4934353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.549953938 CET53553601.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.550864935 CET5029953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.559603930 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.559638977 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.810983896 CET53502991.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.811296940 CET53579051.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.811889887 CET6400453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.888541937 CET53493431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.889786005 CET6288253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.026424885 CET6507053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.048664093 CET53628821.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.115180969 CET53640041.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.115905046 CET4935953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.192795038 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.192831039 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.435218096 CET53493591.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.554706097 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.554886103 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.555363894 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.669868946 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670051098 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670063019 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670248032 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670399904 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670712948 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670725107 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670741081 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.670826912 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.672378063 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.674834013 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.674856901 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.675092936 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.785775900 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.786089897 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.026359081 CET6507053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.219718933 CET53650701.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.220473051 CET5042953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.336997986 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.337243080 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.352487087 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.352714062 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.456006050 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.456218958 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.562727928 CET53504291.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.923257113 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.923487902 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.056118965 CET44359669172.217.21.46192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.056307077 CET59669443192.168.2.7172.217.21.46
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:39.741322994 CET53522121.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.438282013 CET5558153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.501331091 CET6515753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.616540909 CET53555811.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.934995890 CET53651571.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.219415903 CET5666253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.240818977 CET5644853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.263516903 CET6285353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.458362103 CET5035453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.167129993 CET53628531.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.229208946 CET5666253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.241524935 CET5644853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.266359091 CET53566621.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.267153978 CET6275853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.267895937 CET5976853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.272510052 CET53564481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.282566071 CET53503541.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.283485889 CET5644853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.578295946 CET5987553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.265331984 CET5976853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.265388012 CET6275853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.281788111 CET5644853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.361166954 CET53566621.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.377747059 CET53564481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.377990007 CET5644853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.493951082 CET53564481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.494165897 CET53597681.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.495757103 CET5416553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.496670961 CET5707453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.564352036 CET53627581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.581223965 CET5987553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.718260050 CET53598751.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.298780918 CET5132753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.494369984 CET5707453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.494391918 CET5416553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.009983063 CET53627581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.010094881 CET53597681.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.297013044 CET5132753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332576036 CET53564481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332587004 CET53564481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.475128889 CET53541651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.476335049 CET5767953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.477072001 CET53570741.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.794030905 CET53598751.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.816556931 CET53509861.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.305609941 CET5132753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.389070988 CET53513271.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.391320944 CET5153053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.456115007 CET53570741.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.491080046 CET5767953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.558540106 CET53509861.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.880321026 CET53576791.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.881160975 CET53509861.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.881920099 CET5885653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.393702984 CET5153053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.781294107 CET53513271.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.782161951 CET53515301.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.876153946 CET5885653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.099926949 CET53576791.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.583880901 CET53588561.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.159975052 CET53515301.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.346244097 CET5099853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.587589979 CET5245353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.652962923 CET53588561.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.352170944 CET5099853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.584243059 CET5245353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.051628113 CET53509981.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.053159952 CET5540853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.160912037 CET53524531.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.057290077 CET5540853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.286653996 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.510375977 CET53509981.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.621411085 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.621443033 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.061156034 CET5540853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.261223078 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.261264086 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:58.089720964 CET53554081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:58.090725899 CET5835853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:58.496021986 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:58.496071100 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.081790924 CET5835853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.084954023 CET5835853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.808952093 CET53554081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.902554035 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.902591944 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.020860910 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.020937920 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.021583080 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.087516069 CET5835853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.131464005 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.131563902 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.131597042 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.131860971 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.132158041 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.132164955 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.132178068 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.133923054 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.136495113 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.136518955 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.321707964 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.322000027 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:03.761353970 CET53554081.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.459352970 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.459775925 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.820708036 CET53583581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.970866919 CET5089453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.010035992 CET53583581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.109891891 CET53583581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.359349966 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.359787941 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.992726088 CET5089453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.711750031 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.712208033 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.715368032 CET53583581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.011251926 CET5089453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.073055983 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.074208975 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.101465940 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.138019085 CET44355409216.58.208.228192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.170857906 CET55409443192.168.2.7216.58.208.228
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.195358992 CET53508941.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.786272049 CET53508941.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:08.017587900 CET53508941.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.040473938 CET5508353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.258882046 CET53550831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.840584040 CET5569153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:15.789275885 CET53556911.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.181786060 CET5049653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.341949940 CET53504961.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.261126041 CET6465953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.516258001 CET53646591.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.101610899 CET6022553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.497898102 CET53602251.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.733951092 CET5738753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.744585037 CET5738753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:35.103848934 CET53573871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.011293888 CET6334553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.384028912 CET53633451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.475389957 CET6137353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.826276064 CET53613731.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.990881920 CET6246653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.192483902 CET53624661.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.204798937 CET5673353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.205576897 CET5673353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.434889078 CET53567331.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.665561914 CET53567331.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:16.203361988 CET6036353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:16.545382023 CET53603631.1.1.1192.168.2.7

                                                                                                                                                                                                                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.560499907 CET192.168.2.71.1.1.10x727fStandard query (0)youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.561675072 CET192.168.2.71.1.1.10x681dStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.636646986 CET192.168.2.71.1.1.10x804bStandard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724256992 CET192.168.2.71.1.1.10xbe5dStandard query (0)youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.724512100 CET192.168.2.71.1.1.10x4203Standard query (0)prod.detectportal.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.887432098 CET192.168.2.71.1.1.10x5c4eStandard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.888684034 CET192.168.2.71.1.1.10xff6eStandard query (0)spocs.getpocket.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.947441101 CET192.168.2.71.1.1.10x75aaStandard query (0)prod.classify-client.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.955013037 CET192.168.2.71.1.1.10xa8c5Standard query (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.955625057 CET192.168.2.71.1.1.10xa592Standard query (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.672123909 CET192.168.2.71.1.1.10xfa34Standard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.673341990 CET192.168.2.71.1.1.10x1e34Standard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.268935919 CET192.168.2.71.1.1.10xaf7aStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.279138088 CET192.168.2.71.1.1.10x9fdfStandard query (0)example.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.279634953 CET192.168.2.71.1.1.10x3c7dStandard query (0)ipv4only.arpaA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.369582891 CET192.168.2.71.1.1.10x4a67Standard query (0)content-signature-2.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.371131897 CET192.168.2.71.1.1.10x9212Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.562139988 CET192.168.2.71.1.1.10xec1aStandard query (0)prod.ads.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.673830032 CET192.168.2.71.1.1.10x1e34Standard query (0)contile.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.894352913 CET192.168.2.71.1.1.10x6fb1Standard query (0)contile.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.014700890 CET192.168.2.71.1.1.10xdd7dStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.074604034 CET192.168.2.71.1.1.10xc10dStandard query (0)prod.content-signature-chains.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.632399082 CET192.168.2.71.1.1.10xcc19Standard query (0)mitmdetection.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.824738026 CET192.168.2.71.1.1.10xc3c5Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.985208035 CET192.168.2.71.1.1.10x725dStandard query (0)shavar.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.132172108 CET192.168.2.71.1.1.10x6ffStandard query (0)mitmdetection.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.577678919 CET192.168.2.71.1.1.10xae52Standard query (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.586350918 CET192.168.2.71.1.1.10xe0b1Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.686625957 CET192.168.2.71.1.1.10xdb35Standard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.738495111 CET192.168.2.71.1.1.10xadfcStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.216490030 CET192.168.2.71.1.1.10x57d7Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.217210054 CET192.168.2.71.1.1.10x784aStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.280800104 CET192.168.2.71.1.1.10x1cebStandard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.688673019 CET192.168.2.71.1.1.10xb4b6Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.689817905 CET192.168.2.71.1.1.10x4e42Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.280328989 CET192.168.2.71.1.1.10x1cebStandard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.692014933 CET192.168.2.71.1.1.10x4e42Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.973829031 CET192.168.2.71.1.1.10xaad9Standard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.327953100 CET192.168.2.71.1.1.10x8e38Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.712374926 CET192.168.2.71.1.1.10x4708Standard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:28.332880020 CET192.168.2.71.1.1.10x8e38Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.731951952 CET192.168.2.71.1.1.10xa2dfStandard query (0)o.pki.googA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.861028910 CET192.168.2.71.1.1.10x19c7Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.025010109 CET192.168.2.71.1.1.10xb1a9Standard query (0)pki-goog.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.145905018 CET192.168.2.71.1.1.10xc916Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.259022951 CET192.168.2.71.1.1.10x664eStandard query (0)pki-goog.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.378848076 CET192.168.2.71.1.1.10xffd3Standard query (0)o.pki.googA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.507004023 CET192.168.2.71.1.1.10x73c5Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.305933952 CET192.168.2.71.1.1.10x9e62Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.570698023 CET192.168.2.71.1.1.10xc46cStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:34.571103096 CET192.168.2.71.1.1.10xe1bbStandard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.302581072 CET192.168.2.71.1.1.10x9e62Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.500382900 CET192.168.2.71.1.1.10xf311Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.572344065 CET192.168.2.71.1.1.10xe1bbStandard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.572371006 CET192.168.2.71.1.1.10xc46cStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.577078104 CET192.168.2.71.1.1.10xbbbcStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.714200020 CET192.168.2.71.1.1.10x1058Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.714929104 CET192.168.2.71.1.1.10x8187Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.904366016 CET192.168.2.71.1.1.10x2783Standard query (0)firefox-settings-attachments.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.193175077 CET192.168.2.71.1.1.10x7e9aStandard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.310832977 CET192.168.2.71.1.1.10x7f67Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.423630953 CET192.168.2.71.1.1.10x8a54Standard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.520226002 CET192.168.2.71.1.1.10xd95eStandard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.550864935 CET192.168.2.71.1.1.10x6d45Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.811889887 CET192.168.2.71.1.1.10x332aStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.889786005 CET192.168.2.71.1.1.10xfd87Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.026424885 CET192.168.2.71.1.1.10xf45cStandard query (0)attachments.prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.115905046 CET192.168.2.71.1.1.10x9843Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.026359081 CET192.168.2.71.1.1.10xf45cStandard query (0)attachments.prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.220473051 CET192.168.2.71.1.1.10x5e3dStandard query (0)attachments.prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.438282013 CET192.168.2.71.1.1.10xb9e0Standard query (0)pki-goog.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.501331091 CET192.168.2.71.1.1.10xa488Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.219415903 CET192.168.2.71.1.1.10x46edStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.240818977 CET192.168.2.71.1.1.10x1f6eStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.263516903 CET192.168.2.71.1.1.10x32a4Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:45.458362103 CET192.168.2.71.1.1.10xe16cStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.229208946 CET192.168.2.71.1.1.10x46edStandard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.241524935 CET192.168.2.71.1.1.10x1f6eStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.267153978 CET192.168.2.71.1.1.10xa563Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.267895937 CET192.168.2.71.1.1.10x2e3bStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.283485889 CET192.168.2.71.1.1.10x4b1eStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.578295946 CET192.168.2.71.1.1.10x11a6Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.265331984 CET192.168.2.71.1.1.10x2e3bStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.265388012 CET192.168.2.71.1.1.10xa563Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.281788111 CET192.168.2.71.1.1.10x4b1eStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.377990007 CET192.168.2.71.1.1.10x4b1eStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.495757103 CET192.168.2.71.1.1.10xae25Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.496670961 CET192.168.2.71.1.1.10xc660Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.581223965 CET192.168.2.71.1.1.10x11a6Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.298780918 CET192.168.2.71.1.1.10x6d9dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.494369984 CET192.168.2.71.1.1.10xc660Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:48.494391918 CET192.168.2.71.1.1.10xae25Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.297013044 CET192.168.2.71.1.1.10x6d9dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.476335049 CET192.168.2.71.1.1.10x1b75Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.305609941 CET192.168.2.71.1.1.10x6d9dStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.391320944 CET192.168.2.71.1.1.10xcdbcStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.491080046 CET192.168.2.71.1.1.10x1b75Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.881920099 CET192.168.2.71.1.1.10xee8Standard query (0)www.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.393702984 CET192.168.2.71.1.1.10xcdbcStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.876153946 CET192.168.2.71.1.1.10xee8Standard query (0)www.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.346244097 CET192.168.2.71.1.1.10xde4Standard query (0)classify-client.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.587589979 CET192.168.2.71.1.1.10x9ec2Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.352170944 CET192.168.2.71.1.1.10xde4Standard query (0)classify-client.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:54.584243059 CET192.168.2.71.1.1.10x9ec2Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.053159952 CET192.168.2.71.1.1.10xb58fStandard query (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.057290077 CET192.168.2.71.1.1.10xb58fStandard query (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:57.061156034 CET192.168.2.71.1.1.10xb58fStandard query (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:58.090725899 CET192.168.2.71.1.1.10x6dStandard query (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.081790924 CET192.168.2.71.1.1.10x6dStandard query (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.084954023 CET192.168.2.71.1.1.10x6dStandard query (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:02.087516069 CET192.168.2.71.1.1.10x6dStandard query (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.970866919 CET192.168.2.71.1.1.10xbc98Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.992726088 CET192.168.2.71.1.1.10xbc98Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.011251926 CET192.168.2.71.1.1.10xbc98Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.040473938 CET192.168.2.71.1.1.10x7d04Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:14.840584040 CET192.168.2.71.1.1.10x5641Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:21.181786060 CET192.168.2.71.1.1.10xa69bStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:22.261126041 CET192.168.2.71.1.1.10x8ff6Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:29.101610899 CET192.168.2.71.1.1.10xd02eStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:33.733951092 CET192.168.2.71.1.1.10xcd2cStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:34.744585037 CET192.168.2.71.1.1.10xcd2cStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.011293888 CET192.168.2.71.1.1.10xf172Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:46.475389957 CET192.168.2.71.1.1.10xc444Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:02.990881920 CET192.168.2.71.1.1.10xbcdeStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.204798937 CET192.168.2.71.1.1.10xc5d1Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:04.205576897 CET192.168.2.71.1.1.10xc5d1Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:16.203361988 CET192.168.2.71.1.1.10x1f47Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.630817890 CET1.1.1.1192.168.2.70x54f3No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.721822977 CET1.1.1.1192.168.2.70x727fNo error (0)youtube.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.721911907 CET1.1.1.1192.168.2.70x681dNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.721911907 CET1.1.1.1192.168.2.70x681dNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.946696997 CET1.1.1.1192.168.2.70x804bNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.954431057 CET1.1.1.1192.168.2.70x4203No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.955076933 CET1.1.1.1192.168.2.70xbe5dNo error (0)youtube.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.222078085 CET1.1.1.1192.168.2.70xa8c5No error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.222091913 CET1.1.1.1192.168.2.70xa592No error (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.225152016 CET1.1.1.1192.168.2.70xff6eNo error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.225152016 CET1.1.1.1192.168.2.70xff6eNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.312325001 CET1.1.1.1192.168.2.70x5c4eNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.406508923 CET1.1.1.1192.168.2.70xd5e5No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:19.406508923 CET1.1.1.1192.168.2.70xd5e5No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.561424971 CET1.1.1.1192.168.2.70xfa34No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.893342972 CET1.1.1.1192.168.2.70x1e34No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001136065 CET1.1.1.1192.168.2.70x3c7dNo error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001136065 CET1.1.1.1192.168.2.70x3c7dNo error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001141071 CET1.1.1.1192.168.2.70x9fdfNo error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001151085 CET1.1.1.1192.168.2.70xaf7aNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001352072 CET1.1.1.1192.168.2.70x4a67No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001352072 CET1.1.1.1192.168.2.70x4a67No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001352072 CET1.1.1.1192.168.2.70x4a67No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001358986 CET1.1.1.1192.168.2.70x9212No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.001358986 CET1.1.1.1192.168.2.70x9212No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.071486950 CET1.1.1.1192.168.2.70x1e34No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.823894978 CET1.1.1.1192.168.2.70xc10dNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.126697063 CET1.1.1.1192.168.2.70xcc19No error (0)mitmdetection.services.mozilla.com18.66.161.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.126697063 CET1.1.1.1192.168.2.70xcc19No error (0)mitmdetection.services.mozilla.com18.66.161.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.126697063 CET1.1.1.1192.168.2.70xcc19No error (0)mitmdetection.services.mozilla.com18.66.161.92A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.126697063 CET1.1.1.1192.168.2.70xcc19No error (0)mitmdetection.services.mozilla.com18.66.161.67A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.147386074 CET1.1.1.1192.168.2.70xc3c5No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.277791023 CET1.1.1.1192.168.2.70x725dNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.390300989 CET1.1.1.1192.168.2.70x6ffNo error (0)mitmdetection.services.mozilla.com18.66.161.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.390300989 CET1.1.1.1192.168.2.70x6ffNo error (0)mitmdetection.services.mozilla.com18.66.161.92A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.390300989 CET1.1.1.1192.168.2.70x6ffNo error (0)mitmdetection.services.mozilla.com18.66.161.67A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.390300989 CET1.1.1.1192.168.2.70x6ffNo error (0)mitmdetection.services.mozilla.com18.66.161.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.937135935 CET1.1.1.1192.168.2.70xae52No error (0)mitmdetection.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.735209942 CET1.1.1.1192.168.2.70xe0b1No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.736474991 CET1.1.1.1192.168.2.70xcb65No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:24.736474991 CET1.1.1.1192.168.2.70xcb65No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.116513968 CET1.1.1.1192.168.2.70xadfcNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.181797028 CET1.1.1.1192.168.2.70xdb35No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.181797028 CET1.1.1.1192.168.2.70xdb35No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.181797028 CET1.1.1.1192.168.2.70xdb35No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.686486006 CET1.1.1.1192.168.2.70x784aNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.686495066 CET1.1.1.1192.168.2.70xeaa0No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.972419977 CET1.1.1.1192.168.2.70x1cebNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:26.972419977 CET1.1.1.1192.168.2.70x1cebNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.324345112 CET1.1.1.1192.168.2.70x4e42No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.580646038 CET1.1.1.1192.168.2.70xaad9No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:31.586615086 CET1.1.1.1192.168.2.70xb60No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.023571968 CET1.1.1.1192.168.2.70xa2dfNo error (0)o.pki.googpki-goog.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.023571968 CET1.1.1.1192.168.2.70xa2dfNo error (0)pki-goog.l.google.com142.250.181.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.133495092 CET1.1.1.1192.168.2.70x19c7No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.249358892 CET1.1.1.1192.168.2.70xb1a9No error (0)pki-goog.l.google.com172.217.17.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.506323099 CET1.1.1.1192.168.2.70xc916No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.580739021 CET1.1.1.1192.168.2.70x664eNo error (0)pki-goog.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.592201948 CET1.1.1.1192.168.2.70xffd3No error (0)o.pki.googpki-goog.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.592201948 CET1.1.1.1192.168.2.70xffd3No error (0)pki-goog.l.google.com142.250.181.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.710804939 CET1.1.1.1192.168.2.70x73c5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.710804939 CET1.1.1.1192.168.2.70x73c5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.710804939 CET1.1.1.1192.168.2.70x73c5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.710804939 CET1.1.1.1192.168.2.70x73c5No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.713424921 CET1.1.1.1192.168.2.70xc46cNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.713424921 CET1.1.1.1192.168.2.70xc46cNo error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.714231014 CET1.1.1.1192.168.2.70xe1bbNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:35.714231014 CET1.1.1.1192.168.2.70xe1bbNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.189670086 CET1.1.1.1192.168.2.70xe1bbNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.189670086 CET1.1.1.1192.168.2.70xe1bbNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.190983057 CET1.1.1.1192.168.2.70xbbbcNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.192462921 CET1.1.1.1192.168.2.70xf311No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.192462921 CET1.1.1.1192.168.2.70xf311No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.192462921 CET1.1.1.1192.168.2.70xf311No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.192462921 CET1.1.1.1192.168.2.70xf311No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.192462921 CET1.1.1.1192.168.2.70xf311No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.310142040 CET1.1.1.1192.168.2.70x8187No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.313549042 CET1.1.1.1192.168.2.70x2783No error (0)firefox-settings-attachments.cdn.mozilla.netattachments.prod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.313549042 CET1.1.1.1192.168.2.70x2783No error (0)attachments.prod.remote-settings.prod.webservices.mozgcp.net34.117.121.53A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.408587933 CET1.1.1.1192.168.2.70x1058No error (0)star-mini.c10r.facebook.com31.13.83.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.519407988 CET1.1.1.1192.168.2.70x7e9aNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.519407988 CET1.1.1.1192.168.2.70x7e9aNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.519407988 CET1.1.1.1192.168.2.70x7e9aNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.519407988 CET1.1.1.1192.168.2.70x7e9aNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.549953938 CET1.1.1.1192.168.2.70x7f67No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.810983896 CET1.1.1.1192.168.2.70x6d45No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:36.811296940 CET1.1.1.1192.168.2.70x8a54No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:37.115180969 CET1.1.1.1192.168.2.70x332aNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:38.219718933 CET1.1.1.1192.168.2.70xf45cNo error (0)attachments.prod.remote-settings.prod.webservices.mozgcp.net34.117.121.53A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:40.616540909 CET1.1.1.1192.168.2.70xb9e0No error (0)pki-goog.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.167129993 CET1.1.1.1192.168.2.70x32a4No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.167129993 CET1.1.1.1192.168.2.70x32a4No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.266359091 CET1.1.1.1192.168.2.70x46edNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.272510052 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.272510052 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.272510052 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:46.272510052 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.361166954 CET1.1.1.1192.168.2.70x46edNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.377747059 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.377747059 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.377747059 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.377747059 CET1.1.1.1192.168.2.70x1f6eNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.493951082 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.493951082 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.493951082 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.493951082 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.494165897 CET1.1.1.1192.168.2.70x2e3bNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:47.718260050 CET1.1.1.1192.168.2.70x11a6No error (0)www.google.com216.58.208.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.010094881 CET1.1.1.1192.168.2.70x2e3bNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332576036 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332576036 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332576036 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332576036 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332587004 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332587004 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332587004 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.332587004 CET1.1.1.1192.168.2.70x4b1eNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.477072001 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.477072001 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.477072001 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.477072001 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:49.794030905 CET1.1.1.1192.168.2.70x11a6No error (0)www.google.com142.251.37.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.389070988 CET1.1.1.1192.168.2.70x6d9dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.456115007 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.456115007 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.456115007 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.456115007 CET1.1.1.1192.168.2.70xc660No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:50.880321026 CET1.1.1.1192.168.2.70x1b75No error (0)www.google.com142.250.181.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:51.781294107 CET1.1.1.1192.168.2.70x6d9dNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.099926949 CET1.1.1.1192.168.2.70x1b75No error (0)www.google.com216.58.204.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.583880901 CET1.1.1.1192.168.2.70xee8No error (0)www.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.652962923 CET1.1.1.1192.168.2.70xee8No error (0)www.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.051628113 CET1.1.1.1192.168.2.70xde4No error (0)classify-client.services.mozilla.comprod-classifyclient.normandy.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.051628113 CET1.1.1.1192.168.2.70xde4No error (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net34.98.75.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.586720943 CET1.1.1.1192.168.2.70x1582No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:55.586720943 CET1.1.1.1192.168.2.70x1582No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.510375977 CET1.1.1.1192.168.2.70xde4No error (0)classify-client.services.mozilla.comprod-classifyclient.normandy.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.510375977 CET1.1.1.1192.168.2.70xde4No error (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net34.98.75.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.884145021 CET1.1.1.1192.168.2.70x1582No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:56.884145021 CET1.1.1.1192.168.2.70x1582No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:58.089720964 CET1.1.1.1192.168.2.70xb58fNo error (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net34.98.75.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.452925920 CET1.1.1.1192.168.2.70x1582No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:59.452925920 CET1.1.1.1192.168.2.70x1582No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:00.808952093 CET1.1.1.1192.168.2.70xb58fNo error (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net34.98.75.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:03.761353970 CET1.1.1.1192.168.2.70xb58fNo error (0)prod-classifyclient.normandy.prod.cloudops.mozgcp.net34.98.75.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:04.933065891 CET1.1.1.1192.168.2.70x3af1No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.009919882 CET1.1.1.1192.168.2.70x3af1No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.010862112 CET1.1.1.1192.168.2.70x3af1No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.715148926 CET1.1.1.1192.168.2.70x3af1No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.773977995 CET1.1.1.1192.168.2.70x3528No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:10.773977995 CET1.1.1.1192.168.2.70x3528No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:03.192483902 CET1.1.1.1192.168.2.70xbcdeNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:21:16.545382023 CET1.1.1.1192.168.2.70x1f47No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                                                                                                                                                • aus5.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                • spocs.getpocket.com
                                                                                                                                                                                                                                                                                                                                                                                                                • push.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                • incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                • youtube.com
                                                                                                                                                                                                                                                                                                                                                                                                                • firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                • www.youtube.com
                                                                                                                                                                                                                                                                                                                                                                                                                • firefox-settings-attachments.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                • content-signature-2.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                • location.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                • normandy.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                • services.addons.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                • https:
                                                                                                                                                                                                                                                                                                                                                                                                                  • www.google.com
                                                                                                                                                                                                                                                                                                                                                                                                                • classify-client.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                • detectportal.firefox.com

                                                                                                                                                                                                                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                0192.168.2.74972034.107.221.82807840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:18.932226896 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:20.171227932 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 02:44:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 45277
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                1192.168.2.74972934.107.221.82807840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.521866083 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.850917101 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 03:26:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 42798
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                2192.168.2.74973034.107.221.82807840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:21.531699896 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:22.886817932 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 02:44:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 45279
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                3192.168.2.74974534.107.221.82807840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.662084103 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.133497953 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 03:26:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 42802
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                4192.168.2.74974634.107.221.82807840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:25.662182093 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:27.129400969 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 02:44:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 45283
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                5192.168.2.74976134.107.221.82807840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:30.839606047 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:32.035115004 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 10:54:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 15894
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:42.055700064 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:52.261533022 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:19:53.264466047 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:05.032289028 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:06.033889055 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:07.035403013 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:17.999984980 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:19.011847019 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:30.051237106 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                                                                Dec 7, 2024 16:20:40.448160887 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii:


                                                                                                                                                                                                                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                0192.168.2.74974335.244.181.2014437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:26 UTC467OUTGET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml?force=1 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: aus5.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC454INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:27 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 702
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-ID: 17933
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-Data-Version: 1
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000;
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
                                                                                                                                                                                                                                                                                                                                                                                                                X-Proxy-Cache-Status: MISS
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=90
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC545INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 75 70 64 61 74 65 20 61 63 74 69 6f 6e 73 3d 22 73 68 6f 77 55 52 4c 22 20 61 70 70 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 62 75 69 6c 64 49 44 3d 22 32 30 32 34 30 36 30 36 31 38 31 39 34 34 22 20 64 65 74 61 69 6c 73 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 65 6e 2d 55 53 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 72 65 6c 65 61 73 65 6e 6f 74 65 73 2f 22 20 64 69 73 70 6c 61 79 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 6f 70 65 6e 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 77 68 61 74 73 6e 65 77
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0"?><updates> <update actions="showURL" appVersion="127.0" buildID="20240606181944" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" openURL="https://www.mozilla.org/firefox/127.0/whatsnew
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC157INData Raw: 35 36 31 63 39 61 61 37 37 33 37 32 63 65 33 31 66 66 63 31 39 63 31 34 63 35 35 37 34 37 30 34 65 64 35 62 32 64 38 34 39 63 66 65 63 38 64 32 66 66 66 62 30 33 30 36 36 65 34 38 33 35 66 32 34 62 35 38 37 30 35 36 36 30 34 31 38 65 32 65 34 31 36 36 39 36 37 64 32 62 35 37 33 38 36 63 39 32 65 39 36 39 35 32 63 37 35 30 34 63 37 30 63 22 20 73 69 7a 65 3d 22 36 39 37 37 36 38 30 38 22 2f 3e 0a 20 20 20 20 3c 2f 75 70 64 61 74 65 3e 0a 3c 2f 75 70 64 61 74 65 73 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 561c9aa77372ce31ffc19c14c5574704ed5b2d849cfec8d2fffb03066e4835f24b58705660418e2e4166967d2b57386c92e96952c7504c70c" size="69776808"/> </update></updates>


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                1192.168.2.74974434.117.188.1664437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:27 UTC304OUTPOST /spocs HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: spocs.getpocket.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 197
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:27 UTC197OUTData Raw: 7b 22 70 6f 63 6b 65 74 5f 69 64 22 3a 22 7b 32 61 63 62 37 33 61 38 2d 30 36 65 34 2d 34 61 36 63 2d 62 63 35 30 2d 35 37 39 35 36 31 61 30 63 38 35 63 7d 22 2c 22 76 65 72 73 69 6f 6e 22 3a 32 2c 22 63 6f 6e 73 75 6d 65 72 5f 6b 65 79 22 3a 22 34 30 32 34 39 2d 65 38 38 63 34 30 31 65 31 62 31 66 32 32 34 32 64 39 65 34 34 31 63 34 22 2c 22 70 6c 61 63 65 6d 65 6e 74 73 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 73 70 6f 6e 73 6f 72 65 64 2d 74 6f 70 73 69 74 65 73 22 2c 22 61 64 5f 74 79 70 65 73 22 3a 5b 33 31 32 30 5d 2c 22 7a 6f 6e 65 5f 69 64 73 22 3a 5b 32 38 30 31 34 33 5d 7d 5d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"pocket_id":"{2acb73a8-06e4-4a6c-bc50-579561a0c85c}","version":2,"consumer_key":"40249-e88c401e1b1f2242d9e441c4","placements":[{"name":"sponsored-topsites","ad_types":[3120],"zone_ids":[280143]}]}
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 15:19:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1168
                                                                                                                                                                                                                                                                                                                                                                                                                via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC1168INData Raw: 7b 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 66 65 61 74 75 72 65 5f 66 6c 61 67 73 22 3a 7b 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 22 3a 66 61 6c 73 65 2c 22 73 70 6f 63 5f 76 32 22 3a 74 72 75 65 7d 2c 22 73 70 6f 63 73 50 65 72 4e 65 77 54 61 62 73 22 3a 31 2c 22 64 6f 6d 61 69 6e 41 66 66 69 6e 69 74 79 50 61 72 61 6d 65 74 65 72 53 65 74 73 22 3a 7b 22 64 65 66 61 75 6c 74 22 3a 7b 22 63 6f 6d 62 69 6e 65 64 44 6f 6d 61 69 6e 46 61 63 74 6f 72 22 3a 30 2e 35 2c 22 66 72 65 71 75 65 6e 63 79 46 61 63 74 6f 72 22 3a 30 2e 35 2c 22 69 74 65 6d 53 63 6f 72 65 46 61 63 74 6f 72 22 3a 31 2c 22 6d 75 6c 74 69 44 6f 6d 61 69 6e 42 6f 6f 73 74 22 3a 30 2c 22 70 65 72 66 65 63 74 43 6f 6d 62 69 6e 65 64 44 6f 6d 61 69 6e 53 63 6f 72 65 22 3a 32 2c 22 70 65 72 66 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"settings":{"feature_flags":{"collections":false,"spoc_v2":true},"spocsPerNewTabs":1,"domainAffinityParameterSets":{"default":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":1,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfe


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                2192.168.2.74975034.107.243.934437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:27 UTC604OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: push.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                                                                                                                                                                                                                Origin: wss://push.services.mozilla.com/
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Protocol: push-notification
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Key: CPTon1ExrULZWiFcmAW6pw==
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive, Upgrade
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC220INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 81
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 15:19:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC81INData Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                3192.168.2.74975134.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:27 UTC618OUTPOST /submit/firefox-desktop/events/1/06d175bf-ef85-4100-85f9-be4f44a1771d HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:25:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 959
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:27 UTC959OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff b5 56 4d 6f e3 36 10 fd 2f ba ae c7 20 25 ea cb d7 9e 7a ee 16 3d 14 85 40 91 23 9b a8 4c 69 49 2a 89 11 e4 bf 77 28 3b b6 e3 d8 86 77 bb 0b 18 81 40 ce c7 7b 8f 7c c3 bc 26 a3 b1 eb c6 d8 6e 48 56 af 89 c7 6f c9 8a 2f 12 1f a4 0b 4d 30 5b 4c 56 49 ca d2 0c 38 03 96 7f 65 d5 4a f0 2f 8c af 18 4b 16 09 5a 7d 16 23 80 a7 c0 ca af 9c af d2 9c 82 f7 31 0e a5 1f 2c 45 cc 25 a7 31 a6 bd 8c e8 28 cd 06 1f 7b 6e cd 0b 6a 50 83 0d b4 02 3d 3e 61 0f 29 b8 a1 ef 61 98 02 38 ec a9 04 02 e7 59 8c 6e 9d b4 6a 43 f5 62 02 05 cd f5 82 93 71 2f ec c6 88 c5 9a 6d 3b f9 b9 02 15 98 71 c6 ef d8 f0 77 4d fb 5a 6a 59 e4 4a 80 ec b2 02 84 54 1d b4 5d ce a1 e8 64 a6 50 96 8a 3e 92 b7 b7 45 32 8d 6b 27 35 82 1f 87 d0 9b f5 26 1c 6b 9e 03 09 44 31 c4
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: VMo6/ %z=@#LiI*w(;w@{|&nHVo/M0[LVI8eJ/KZ}#1,E%1({njP=>a)a8YnjCbq/m;qwMZjYJT]dP>E2k'5&kD1
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                4192.168.2.749747142.250.181.1424437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC503OUTGET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: youtube.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:29 UTC1299INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Expires: Sat, 07 Dec 2024 15:19:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Location: https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script'
                                                                                                                                                                                                                                                                                                                                                                                                                Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                                                                                                                                                                                                                                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                                                                                                                                                                                                                Server: ESF
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                5192.168.2.74975434.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:28 UTC456OUTGET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                If-Modified-Since: Fri, 25 Mar 2022 17:45:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                If-None-Match: "1648230346554"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:29 UTC632INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 330
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Content-Type, Expires, Content-Length, ETag, Alert, Pragma, Backoff, Last-Modified, Cache-Control, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:29:27 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3002
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 02 Dec 2024 22:25:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "1733178311775"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:29 UTC330INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 37 66 33 32 37 36 39 64 36 62 62 34 65 38 37 35 66 35 38 63 65 62 39 65 32 66 62 66 64 63 39 62 64 36 62 38 32 33 39 37 65 63 61 37 61 34 63 35 32 33 30 62 30 37 38 36 65 36 38 66 31 37 39 38 22 2c 22 73 69 7a 65 22 3a 31 35 38 32 39 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 61 73 72 6f 75 74 65 72 2e 66 74 6c 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 6d 73 2d 6c 61 6e 67 75 61 67 65 2d 70 61 63 6b 73 2f 62 38 61 61 39 39 64 64 2d 62 32 62 36 2d 34 33 31 32 2d 38 63 34 30 2d 64 31 35 38 36 37 33 39 33 62 31 33 2e 66 74 6c 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"permissions":{},"data":{"attachment":{"hash":"7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798","size":15829,"filename":"asrouter.ftl","location":"main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl","mimetype":"app


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                6192.168.2.74976834.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:33 UTC620OUTPOST /submit/firefox-desktop/metrics/1/5b9e6e4d-e959-413e-9378-1742a9f81a53 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:25:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 3770
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:33 UTC3770OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8d 5a cb 6e e3 ca 11 fd 17 2d b2 c9 50 b7 df ec 36 10 24 bb 20 eb 24 c8 22 08 04 8a a4 6c 66 24 52 97 a4 ec f1 1d cc bf e7 f4 83 54 17 2d cf 0d 60 18 14 d9 8f ea 7a 9c 3a 55 e4 f7 dd b5 eb 9f 0f 5d 7f 1a 76 4f df 77 53 fb eb ee 89 7d d9 4d 73 35 ce 87 b9 bb b4 bb a7 9d 60 42 15 5c 14 ac fc 07 e7 4f 42 17 4c 3f 31 b6 fb b2 6b fb e6 77 c7 8c 6d 35 0d 3d 46 0c af ed d8 dc 5a 3f ed db b5 1d 31 ad 9f a7 b8 e7 78 2d aa a6 98 db 73 7b 69 e7 f1 bd 18 87 f3 79 b8 cd fe e1 71 ac fa fa 05 d3 eb a1 9f 71 3f 4c 9f c7 ca 3f 6b 7b 3f d0 af f3 b7 c6 8f 10 56 29 75 3a 15 65 d3 b8 42 a9 aa 2c ac ab 54 d1 ba 5a 54 5c c9 a6 36 15 a6 cf ef 57 2f 70 df 5d 8e b7 69 dd ea c7 8f 2f bb db f5 79 ac 9a b6 98 ae c3 7c ee 9e 5f e6 87 82 cc 38 d1 ec 37 fd
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Zn-P6$ $"lf$RT-`z:U]vOwS}Ms5`B\OBL?1kwm5=FZ?1x-s{iyqq?L?k{?V)u:eB,TZT\6W/p]i/y|_87
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:34 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                7192.168.2.74977334.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:33 UTC266OUTGET /v1/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:35 UTC510INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 939
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:52:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 1618
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:35 UTC880INData Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 39 2e 33 2e 30 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 65 78 70 6c 69 63 69 74 5f 70 65 72 6d 69 73 73 69 6f 6e 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"project_name":"Remote Settings PROD","project_version":"19.3.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"explicit_permissions
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:35 UTC59INData Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                8192.168.2.749772172.217.21.464437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:34 UTC521OUTGET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: www.youtube.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:36 UTC2190INHTTP/1.1 303 See Other
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/binary
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                                                                                                                                                                                                                                                                                                                                                                                Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script'
                                                                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                                                                                                                                                                                                                                                                                                                                                                                P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
                                                                                                                                                                                                                                                                                                                                                                                                                Server: ESF
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Sat, 07-Dec-2024 15:49:35 GMT; Path=/; Secure; HttpOnly
                                                                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: YSC=MDH3BeZH894; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: VISITOR_INFO1_LIVE=SBPKTHrIye4; Domain=.youtube.com; Expires=Thu, 05-Jun-2025 15:19:35 GMT; Path=/; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                                                                                                                Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgQg%3D%3D; Domain=.youtube.com; Expires=Thu, 05-Jun-2025 15:19:35 GMT; Path=/; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                9192.168.2.74977534.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:34 UTC266OUTGET /v1/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:35 UTC510INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 939
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:24:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3292
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:35 UTC880INData Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 39 2e 33 2e 30 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a 32 35 2c 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"project_name":"Remote Settings PROD","project_version":"19.3.0","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"batch_max_requests":25,"readonly":tr
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:35 UTC59INData Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                10192.168.2.74978434.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:37 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/12672553-cb8c-4210-ae02-a59c1a541208 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:25:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 423
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:37 UTC423OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 52 4d 6f a3 30 10 fd 2f be 36 b0 36 c1 84 70 eb a1 da d3 ee 4a a5 ab bd 54 b2 1c 7b 92 5a 0b 86 da a6 6d 54 e5 bf 77 6c fa 29 22 55 b2 40 cc bc 37 ef f1 c6 cf 64 34 f6 20 8c dd 0f a4 79 26 1e ee 49 c3 57 c4 07 e9 82 08 a6 07 d2 90 82 16 eb 8c d1 8c f2 1b 5a 37 25 bb a0 ac a1 94 ac 08 58 fd 0d e6 b4 22 aa 33 60 c3 bb 42 80 0e 7a 08 ee 28 bc fe 2f 76 93 e9 34 d2 f9 3a 2f f2 38 72 6f 9c 0f c2 4d 56 68 19 be 0e 7e 97 4d a4 b7 3e db 6e b0 c9 f0 dc 50 da a4 73 91 9e 08 1c 3c 02 fe 19 ab 87 47 8f 9f d2 a9 3b 13 40 85 c9 45 e6 53 5d 89 aa 8c f5 71 14 ea 4e 5a 0b 1d 96 1d 1a 94 1e 12 5d 3c 80 f3 66 b0 51 87 26 7f 11 fb 66 3a 5a a3 db 62 53 ac 0b 5e d4 af 4d 6d fc d8 c9 e3 67 26 ab 73 9a 33 ec 77 83 92 5d 94 06 9b fd 6d b1 f0 38 7b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: RMo0/66pJT{ZmTwl)"U@7d4 y&IWZ7%X"3`Bz(/v4:/8roMVh~M>nPs<G;@ES]qNZ]<fQ&f:ZbS^Mmg&s3w]m8{
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:37 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                11192.168.2.74978534.107.243.934437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:37 UTC604OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: push.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                                                                                                                                                                                                                Origin: wss://push.services.mozilla.com/
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Protocol: push-notification
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Key: ob9Trf5z9SVZVp9ssS6v6w==
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive, Upgrade
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC220INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 81
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 15:19:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC81INData Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                12192.168.2.74978734.117.121.534437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:37 UTC343OUTGET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox-settings-attachments.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC690INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-generation: 1733172985945667
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-metageneration: 1
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-stored-content-encoding: identity
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-stored-content-length: 15829
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-hash: crc32c=Vecspg==
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-hash: md5=lsVC3sAW2ewezE3d/LqsZg==
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-storage-class: STANDARD
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 15829
                                                                                                                                                                                                                                                                                                                                                                                                                X-GUploader-UploadID: AFiumC7986mJMrJIWPGNRsqm0EsyHRRDln8BYOABZbVCxTaCwcKBA55JqSKJJ7EVJAbrbCQ2_-0tp4eS5g
                                                                                                                                                                                                                                                                                                                                                                                                                Server: UploadServer
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 02 Dec 2024 22:34:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=604800
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 02 Dec 2024 20:56:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "96c542dec016d9ec1ecc4dddfcbaac66"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 405912
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC700INData Raw: 23 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 23 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 23 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 23 23 20 54 68 65 73 65 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 75 73 65 64 20 61 73 20 68 65 61 64 69 6e 67 73 20 69 6e 20 74 68 65 20 72 65 63 6f 6d 6d 65 6e 64
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: # This Source Code Form is subject to the terms of the Mozilla Public# License, v. 2.0. If a copy of the MPL was not distributed with this# file, You can obtain one at http://mozilla.org/MPL/2.0/.## These messages are used as headings in the recommend
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 6e 65 76 65 72 2d 73 68 6f 77 2d 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 20 3d 20 44 6f 6e e2 80 99 74 20 53 68 6f 77 20 4d 65 20 54 68 69 73 20 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 6c 65 61 72 6e 2d 6d 6f 72 65 2d 6c 69 6e 6b 20 3d 20 4c 65 61 72 6e 20 6d 6f 72 65 0a 0a 23 20 54 68 69 73 20 73 74 72 69 6e 67 20 69 73 20 75 73 65 64 20 6f 6e 20 61 20 6e 65 77 20 6c 69 6e 65 20 62 65 6c 6f 77 20 74 68 65 20 61 64 64 2d 6f 6e 20 6e 61 6d 65 0a 23 20 56 61 72 69 61 62 6c 65 73 3a 0a 23 20 20 20 24 6e 61 6d 65 20 28 53 74 72 69 6e 67 29 20 2d 20 41 64 64 2d 6f 6e 20 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: rhanger-extension-never-show-recommendation = Dont Show Me This Recommendation .accesskey = Scfr-doorhanger-extension-learn-more-link = Learn more# This string is used on a new line below the add-on name# Variables:# $name (String) - Add-on a
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 24 74 6f 74 61 6c 20 7d 20 73 74 61 72 73 0a 20 20 20 20 7d 0a 23 20 56 61 72 69 61 62 6c 65 73 3a 0a 23 20 20 20 24 74 6f 74 61 6c 20 28 4e 75 6d 62 65 72 29 20 2d 20 54 68 65 20 74 6f 74 61 6c 20 6e 75 6d 62 65 72 20 6f 66 20 75 73 65 72 73 20 75 73 69 6e 67 20 74 68 65 20 61 64 64 2d 6f 6e 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 74 6f 74 61 6c 2d 75 73 65 72 73 20 3d 0a 20 20 7b 20 24 74 6f 74 61 6c 20 2d 3e 0a 20 20 20 20 20 20 5b 6f 6e 65 5d 20 7b 20 24 74 6f 74 61 6c 20 7d 20 75 73 65 72 0a 20 20 20 20 20 2a 5b 6f 74 68 65 72 5d 20 7b 20 24 74 6f 74 61 6c 20 7d 20 75 73 65 72 73 0a 20 20 7d 0a 0a 23 23 20 46 69 72 65 66 6f 78 20 41 63 63 6f 75 6e 74 73 20 4d 65 73 73 61 67 65 0a 0a 63 66 72 2d 64 6f 6f 72 68 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: $total } stars }# Variables:# $total (Number) - The total number of users using the add-oncfr-doorhanger-extension-total-users = { $total -> [one] { $total } user *[other] { $total } users }## Firefox Accounts Messagecfr-doorha
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 21 0a 20 20 7d 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 6d 69 6c 65 73 74 6f 6e 65 2d 6f 6b 2d 62 75 74 74 6f 6e 20 3d 20 53 65 65 20 41 6c 6c 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 6d 69 6c 65 73 74 6f 6e 65 2d 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 20 3d 20 43 6c 6f 73 65 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 43 0a 0a 23 23 20 44 4f 48 20 4d 65 73 73 61 67 65 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 64 6f 68 2d 62 6f 64 79 20 3d 20 59 6f 75 72 20 70 72 69 76 61 63 79 20 6d 61 74 74 65 72 73 2e 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 20 6e 6f 77 20 73 65 63 75 72 65 6c 79 20 72 6f 75 74 65 73 20 79 6f 75 72 20 44 4e 53 20 72 65 71 75 65 73 74 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ! }cfr-doorhanger-milestone-ok-button = See All .accesskey = Scfr-doorhanger-milestone-close-button = Close .accesskey = C## DOH Messagecfr-doorhanger-doh-body = Your privacy matters. { -brand-short-name } now securely routes your DNS requests
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 68 65 6c 70 20 6b 65 65 70 20 79 6f 75 20 70 72 6f 74 65 63 74 65 64 20 77 68 65 6e 20 62 72 6f 77 73 69 6e 67 20 69 6e 20 70 75 62 6c 69 63 20 70 6c 61 63 65 73 20 6c 69 6b 65 20 61 69 72 70 6f 72 74 73 20 61 6e 64 20 63 6f 66 66 65 65 20 73 68 6f 70 73 2e 0a 73 70 6f 74 6c 69 67 68 74 2d 70 75 62 6c 69 63 2d 77 69 66 69 2d 76 70 6e 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 53 74 61 79 20 70 72 69 76 61 74 65 20 77 69 74 68 20 7b 20 2d 6d 6f 7a 69 6c 6c 61 2d 76 70 6e 2d 62 72 61 6e 64 2d 6e 61 6d 65 20 7d 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 73 70 6f 74 6c 69 67 68 74 2d 70 75 62 6c 69 63 2d 77 69 66 69 2d 76 70 6e 2d 6c 69 6e 6b 20 3d 20 4e 6f 74 20 4e 6f 77 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 4e 0a 0a 23 23 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: help keep you protected when browsing in public places like airports and coffee shops.spotlight-public-wifi-vpn-primary-button = Stay private with { -mozilla-vpn-brand-name } .accesskey = Sspotlight-public-wifi-vpn-link = Not Now .accesskey = N##
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 72 65 20 70 72 69 76 61 74 65 2e 20 46 65 77 65 72 20 74 72 61 63 6b 65 72 73 2e 20 4e 6f 20 63 6f 6d 70 72 6f 6d 69 73 65 73 2e 0a 6d 72 32 30 32 32 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 75 70 64 61 74 65 2d 74 6f 61 73 74 2d 74 65 78 74 20 3d 20 54 72 79 20 74 68 65 20 6e 65 77 65 73 74 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 20 6e 6f 77 2c 20 75 70 67 72 61 64 65 64 20 77 69 74 68 20 6f 75 72 20 73 74 72 6f 6e 67 65 73 74 20 61 6e 74 69 2d 74 72 61 63 6b 69 6e 67 20 70 72 6f 74 65 63 74 69 6f 6e 20 79 65 74 2e 0a 0a 23 20 54 68 69 73 20 62 75 74 74 6f 6e 20 6c 61 62 65 6c 20 77 69 6c 6c 20 62 65 20 66 69 74 74 65 64 20 69 6e 74 6f 20 61 20 6e 61 72 72 6f 77 20 66 69 78 65 64 2d 77 69 64 74 68 20 62 75 74 74 6f 6e 20 62 79 0a 23
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: re private. Fewer trackers. No compromises.mr2022-background-update-toast-text = Try the newest { -brand-short-name } now, upgraded with our strongest anti-tracking protection yet.# This button label will be fitted into a narrow fixed-width button by#
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 20 67 69 76 69 6e 67 20 79 6f 75 20 73 61 66 65 2c 20 73 70 65 65 64 79 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 67 6f 6f 64 20 69 6e 74 65 72 6e 65 74 2e 0a 6a 75 6c 79 2d 6a 61 6d 2d 73 65 74 2d 64 65 66 61 75 6c 74 2d 70 72 69 6d 61 72 79 20 3d 20 4f 70 65 6e 20 6d 79 20 6c 69 6e 6b 73 20 77 69 74 68 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 0a 66 6f 78 2d 64 6f 6f 64 6c 65 2d 70 69 6e 2d 68 65 61 64 6c 69 6e 65 20 3d 20 57 65 6c 63 6f 6d 65 20 62 61 63 6b 0a 0a 23 20 e2 80 9c 69 6e 64 69 65 e2 80 9d 20 69 73 20 73 68 6f 72 74 20 66 6f 72 20 74 68 65 20 74 65 72 6d 20 e2 80 9c 69 6e 64 65 70 65 6e 64 65 6e 74 e2 80 9d 2e 0a 23 20 49 6e 20 74 68 69 73 20 69 6e 73 74 61 6e 63 65 2c 20 66 72 65 65 20 66 72 6f 6d 20 6f 75 74 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: giving you safe, speedy access to the good internet.july-jam-set-default-primary = Open my links with { -brand-short-name }fox-doodle-pin-headline = Welcome back# indie is short for the term independent.# In this instance, free from outs
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 70 72 6f 74 65 63 74 65 64 20 61 63 72 6f 73 73 20 61 6c 6c 20 79 6f 75 72 20 64 65 76 69 63 65 73 2e 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 68 65 61 76 79 2d 75 73 65 72 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 47 65 74 20 73 74 61 72 74 65 64 0a 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 6f 6c 64 65 72 2d 64 65 76 69 63 65 2d 68 65 61 64 65 72 20 3d 20 50 65 61 63 65 20 6f 66 20 6d 69 6e 64 2c 20 66 72 6f 6d 20 7b 20 2d 62 72 61 6e 64 2d 70 72 6f 64 75 63 74 2d 6e 61 6d 65 20 7d 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 6f 6c 64 65 72 2d 64 65 76 69 63 65 2d 62 6f 64 79 20 3d 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: protected across all your devices.device-migration-fxa-spotlight-heavy-user-primary-button = Get starteddevice-migration-fxa-spotlight-older-device-header = Peace of mind, from { -brand-product-name }device-migration-fxa-spotlight-older-device-body =
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 20 72 65 61 64 20 61 6e 64 20 65 64 69 74 20 50 44 46 73 20 73 61 76 65 64 20 74 6f 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 2e 0a 70 64 66 2d 64 65 66 61 75 6c 74 2d 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 73 65 74 2d 64 65 66 61 75 6c 74 2d 62 75 74 74 6f 6e 20 3d 0a 20 20 20 20 2e 6c 61 62 65 6c 20 3d 20 53 65 74 20 61 73 20 64 65 66 61 75 6c 74 0a 70 64 66 2d 64 65 66 61 75 6c 74 2d 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 64 65 63 6c 69 6e 65 2d 62 75 74 74 6f 6e 20 3d 0a 20 20 20 20 2e 6c 61 62 65 6c 20 3d 20 4e 6f 74 20 6e 6f 77 0a 0a 23 23 20 4c 61 75 6e 63 68 20 6f 6e 20 6c 6f 67 69 6e 20 69 6e 66 6f 62 61 72 20 6e 6f 74 69 66 69 63 61 74 69 6f 6e 0a 0a 6c 61 75 6e 63 68 2d 6f 6e 2d 6c 6f 67 69 6e 2d 69 6e 66 6f 62 61 72 2d 6d 65 73 73 61 67 65 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: read and edit PDFs saved to your computer.pdf-default-notification-set-default-button = .label = Set as defaultpdf-default-notification-decline-button = .label = Not now## Launch on login infobar notificationlaunch-on-login-infobar-message
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 6f 74 6c 69 67 68 74 2d 74 69 74 6c 65 20 3d 20 4b 65 65 70 20 70 65 73 6b 79 20 74 72 61 63 6b 65 72 73 20 6f 66 66 20 79 6f 75 72 20 74 61 69 6c 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f 74 6c 69 67 68 74 2d 73 75 62 74 69 74 6c 65 20 3d 20 53 61 79 20 67 6f 6f 64 62 79 65 20 74 6f 20 61 6e 6e 6f 79 69 6e 67 20 61 64 20 74 72 61 63 6b 65 72 73 20 61 6e 64 20 73 65 74 74 6c 65 20 69 6e 74 6f 20 61 20 73 61 66 65 72 2c 20 73 70 65 65 64 79 20 69 6e 74 65 72 6e 65 74 20 65 78 70 65 72 69 65 6e 63 65 2e 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f 74 6c 69 67 68 74 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 4f 70 65 6e 20 6d 79 20 6c 69 6e 6b 73 20 77 69 74 68 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 0a 74 61 69 6c 2d 66 6f 78 2d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: otlight-title = Keep pesky trackers off your tailtail-fox-spotlight-subtitle = Say goodbye to annoying ad trackers and settle into a safer, speedy internet experience.tail-fox-spotlight-primary-button = Open my links with { -brand-short-name }tail-fox-


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                13192.168.2.74978634.117.121.534437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:37 UTC343OUTGET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox-settings-attachments.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC683INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-generation: 1733172985945667
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-metageneration: 1
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-stored-content-encoding: identity
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-stored-content-length: 15829
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-hash: crc32c=Vecspg==
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-hash: md5=lsVC3sAW2ewezE3d/LqsZg==
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-storage-class: STANDARD
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 15829
                                                                                                                                                                                                                                                                                                                                                                                                                X-GUploader-UploadID: AFiumC5COcvqXPvH6Mz-lc0KIb4lGqSqlZemtTl9rjiiMhWB_BGskKEIezQBDg-yCqzVpBdUAQo
                                                                                                                                                                                                                                                                                                                                                                                                                Server: UploadServer
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 02 Dec 2024 22:34:38 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=604800
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 02 Dec 2024 20:56:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "96c542dec016d9ec1ecc4dddfcbaac66"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 405900
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC707INData Raw: 23 20 54 68 69 73 20 53 6f 75 72 63 65 20 43 6f 64 65 20 46 6f 72 6d 20 69 73 20 73 75 62 6a 65 63 74 20 74 6f 20 74 68 65 20 74 65 72 6d 73 20 6f 66 20 74 68 65 20 4d 6f 7a 69 6c 6c 61 20 50 75 62 6c 69 63 0a 23 20 4c 69 63 65 6e 73 65 2c 20 76 2e 20 32 2e 30 2e 20 49 66 20 61 20 63 6f 70 79 20 6f 66 20 74 68 65 20 4d 50 4c 20 77 61 73 20 6e 6f 74 20 64 69 73 74 72 69 62 75 74 65 64 20 77 69 74 68 20 74 68 69 73 0a 23 20 66 69 6c 65 2c 20 59 6f 75 20 63 61 6e 20 6f 62 74 61 69 6e 20 6f 6e 65 20 61 74 20 68 74 74 70 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 4d 50 4c 2f 32 2e 30 2f 2e 0a 0a 23 23 20 54 68 65 73 65 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 75 73 65 64 20 61 73 20 68 65 61 64 69 6e 67 73 20 69 6e 20 74 68 65 20 72 65 63 6f 6d 6d 65 6e 64
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: # This Source Code Form is subject to the terms of the Mozilla Public# License, v. 2.0. If a copy of the MPL was not distributed with this# file, You can obtain one at http://mozilla.org/MPL/2.0/.## These messages are used as headings in the recommend
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 2d 65 78 74 65 6e 73 69 6f 6e 2d 6e 65 76 65 72 2d 73 68 6f 77 2d 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 20 3d 20 44 6f 6e e2 80 99 74 20 53 68 6f 77 20 4d 65 20 54 68 69 73 20 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 6c 65 61 72 6e 2d 6d 6f 72 65 2d 6c 69 6e 6b 20 3d 20 4c 65 61 72 6e 20 6d 6f 72 65 0a 0a 23 20 54 68 69 73 20 73 74 72 69 6e 67 20 69 73 20 75 73 65 64 20 6f 6e 20 61 20 6e 65 77 20 6c 69 6e 65 20 62 65 6c 6f 77 20 74 68 65 20 61 64 64 2d 6f 6e 20 6e 61 6d 65 0a 23 20 56 61 72 69 61 62 6c 65 73 3a 0a 23 20 20 20 24 6e 61 6d 65 20 28 53 74 72 69 6e 67 29 20 2d 20 41 64 64 2d 6f 6e 20 61 75 74 68 6f 72 20 6e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -extension-never-show-recommendation = Dont Show Me This Recommendation .accesskey = Scfr-doorhanger-extension-learn-more-link = Learn more# This string is used on a new line below the add-on name# Variables:# $name (String) - Add-on author n
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 7d 20 73 74 61 72 73 0a 20 20 20 20 7d 0a 23 20 56 61 72 69 61 62 6c 65 73 3a 0a 23 20 20 20 24 74 6f 74 61 6c 20 28 4e 75 6d 62 65 72 29 20 2d 20 54 68 65 20 74 6f 74 61 6c 20 6e 75 6d 62 65 72 20 6f 66 20 75 73 65 72 73 20 75 73 69 6e 67 20 74 68 65 20 61 64 64 2d 6f 6e 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 74 6f 74 61 6c 2d 75 73 65 72 73 20 3d 0a 20 20 7b 20 24 74 6f 74 61 6c 20 2d 3e 0a 20 20 20 20 20 20 5b 6f 6e 65 5d 20 7b 20 24 74 6f 74 61 6c 20 7d 20 75 73 65 72 0a 20 20 20 20 20 2a 5b 6f 74 68 65 72 5d 20 7b 20 24 74 6f 74 61 6c 20 7d 20 75 73 65 72 73 0a 20 20 7d 0a 0a 23 23 20 46 69 72 65 66 6f 78 20 41 63 63 6f 75 6e 74 73 20 4d 65 73 73 61 67 65 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 62 6f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: } stars }# Variables:# $total (Number) - The total number of users using the add-oncfr-doorhanger-extension-total-users = { $total -> [one] { $total } user *[other] { $total } users }## Firefox Accounts Messagecfr-doorhanger-bo
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 6d 69 6c 65 73 74 6f 6e 65 2d 6f 6b 2d 62 75 74 74 6f 6e 20 3d 20 53 65 65 20 41 6c 6c 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 6d 69 6c 65 73 74 6f 6e 65 2d 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 20 3d 20 43 6c 6f 73 65 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 43 0a 0a 23 23 20 44 4f 48 20 4d 65 73 73 61 67 65 0a 0a 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 64 6f 68 2d 62 6f 64 79 20 3d 20 59 6f 75 72 20 70 72 69 76 61 63 79 20 6d 61 74 74 65 72 73 2e 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 20 6e 6f 77 20 73 65 63 75 72 65 6c 79 20 72 6f 75 74 65 73 20 79 6f 75 72 20 44 4e 53 20 72 65 71 75 65 73 74 73 20 77 68 65 6e 65 76
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: fr-doorhanger-milestone-ok-button = See All .accesskey = Scfr-doorhanger-milestone-close-button = Close .accesskey = C## DOH Messagecfr-doorhanger-doh-body = Your privacy matters. { -brand-short-name } now securely routes your DNS requests whenev
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 65 70 20 79 6f 75 20 70 72 6f 74 65 63 74 65 64 20 77 68 65 6e 20 62 72 6f 77 73 69 6e 67 20 69 6e 20 70 75 62 6c 69 63 20 70 6c 61 63 65 73 20 6c 69 6b 65 20 61 69 72 70 6f 72 74 73 20 61 6e 64 20 63 6f 66 66 65 65 20 73 68 6f 70 73 2e 0a 73 70 6f 74 6c 69 67 68 74 2d 70 75 62 6c 69 63 2d 77 69 66 69 2d 76 70 6e 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 53 74 61 79 20 70 72 69 76 61 74 65 20 77 69 74 68 20 7b 20 2d 6d 6f 7a 69 6c 6c 61 2d 76 70 6e 2d 62 72 61 6e 64 2d 6e 61 6d 65 20 7d 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 53 0a 73 70 6f 74 6c 69 67 68 74 2d 70 75 62 6c 69 63 2d 77 69 66 69 2d 76 70 6e 2d 6c 69 6e 6b 20 3d 20 4e 6f 74 20 4e 6f 77 0a 20 20 2e 61 63 63 65 73 73 6b 65 79 20 3d 20 4e 0a 0a 23 23 20 45 6d 6f 74 69 76 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ep you protected when browsing in public places like airports and coffee shops.spotlight-public-wifi-vpn-primary-button = Stay private with { -mozilla-vpn-brand-name } .accesskey = Sspotlight-public-wifi-vpn-link = Not Now .accesskey = N## Emotive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 61 74 65 2e 20 46 65 77 65 72 20 74 72 61 63 6b 65 72 73 2e 20 4e 6f 20 63 6f 6d 70 72 6f 6d 69 73 65 73 2e 0a 6d 72 32 30 32 32 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 75 70 64 61 74 65 2d 74 6f 61 73 74 2d 74 65 78 74 20 3d 20 54 72 79 20 74 68 65 20 6e 65 77 65 73 74 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 20 6e 6f 77 2c 20 75 70 67 72 61 64 65 64 20 77 69 74 68 20 6f 75 72 20 73 74 72 6f 6e 67 65 73 74 20 61 6e 74 69 2d 74 72 61 63 6b 69 6e 67 20 70 72 6f 74 65 63 74 69 6f 6e 20 79 65 74 2e 0a 0a 23 20 54 68 69 73 20 62 75 74 74 6f 6e 20 6c 61 62 65 6c 20 77 69 6c 6c 20 62 65 20 66 69 74 74 65 64 20 69 6e 74 6f 20 61 20 6e 61 72 72 6f 77 20 66 69 78 65 64 2d 77 69 64 74 68 20 62 75 74 74 6f 6e 20 62 79 0a 23 20 57 69 6e 64 6f 77
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ate. Fewer trackers. No compromises.mr2022-background-update-toast-text = Try the newest { -brand-short-name } now, upgraded with our strongest anti-tracking protection yet.# This button label will be fitted into a narrow fixed-width button by# Window
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 20 79 6f 75 20 73 61 66 65 2c 20 73 70 65 65 64 79 20 61 63 63 65 73 73 20 74 6f 20 74 68 65 20 67 6f 6f 64 20 69 6e 74 65 72 6e 65 74 2e 0a 6a 75 6c 79 2d 6a 61 6d 2d 73 65 74 2d 64 65 66 61 75 6c 74 2d 70 72 69 6d 61 72 79 20 3d 20 4f 70 65 6e 20 6d 79 20 6c 69 6e 6b 73 20 77 69 74 68 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 0a 66 6f 78 2d 64 6f 6f 64 6c 65 2d 70 69 6e 2d 68 65 61 64 6c 69 6e 65 20 3d 20 57 65 6c 63 6f 6d 65 20 62 61 63 6b 0a 0a 23 20 e2 80 9c 69 6e 64 69 65 e2 80 9d 20 69 73 20 73 68 6f 72 74 20 66 6f 72 20 74 68 65 20 74 65 72 6d 20 e2 80 9c 69 6e 64 65 70 65 6e 64 65 6e 74 e2 80 9d 2e 0a 23 20 49 6e 20 74 68 69 73 20 69 6e 73 74 61 6e 63 65 2c 20 66 72 65 65 20 66 72 6f 6d 20 6f 75 74 73 69 64 65 20 69 6e 66
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: you safe, speedy access to the good internet.july-jam-set-default-primary = Open my links with { -brand-short-name }fox-doodle-pin-headline = Welcome back# indie is short for the term independent.# In this instance, free from outside inf
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 65 64 20 61 63 72 6f 73 73 20 61 6c 6c 20 79 6f 75 72 20 64 65 76 69 63 65 73 2e 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 68 65 61 76 79 2d 75 73 65 72 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 47 65 74 20 73 74 61 72 74 65 64 0a 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 6f 6c 64 65 72 2d 64 65 76 69 63 65 2d 68 65 61 64 65 72 20 3d 20 50 65 61 63 65 20 6f 66 20 6d 69 6e 64 2c 20 66 72 6f 6d 20 7b 20 2d 62 72 61 6e 64 2d 70 72 6f 64 75 63 74 2d 6e 61 6d 65 20 7d 0a 64 65 76 69 63 65 2d 6d 69 67 72 61 74 69 6f 6e 2d 66 78 61 2d 73 70 6f 74 6c 69 67 68 74 2d 6f 6c 64 65 72 2d 64 65 76 69 63 65 2d 62 6f 64 79 20 3d 20 41 6e 20 61 63 63 6f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ed across all your devices.device-migration-fxa-spotlight-heavy-user-primary-button = Get starteddevice-migration-fxa-spotlight-older-device-header = Peace of mind, from { -brand-product-name }device-migration-fxa-spotlight-older-device-body = An acco
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 6e 64 20 65 64 69 74 20 50 44 46 73 20 73 61 76 65 64 20 74 6f 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 2e 0a 70 64 66 2d 64 65 66 61 75 6c 74 2d 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 73 65 74 2d 64 65 66 61 75 6c 74 2d 62 75 74 74 6f 6e 20 3d 0a 20 20 20 20 2e 6c 61 62 65 6c 20 3d 20 53 65 74 20 61 73 20 64 65 66 61 75 6c 74 0a 70 64 66 2d 64 65 66 61 75 6c 74 2d 6e 6f 74 69 66 69 63 61 74 69 6f 6e 2d 64 65 63 6c 69 6e 65 2d 62 75 74 74 6f 6e 20 3d 0a 20 20 20 20 2e 6c 61 62 65 6c 20 3d 20 4e 6f 74 20 6e 6f 77 0a 0a 23 23 20 4c 61 75 6e 63 68 20 6f 6e 20 6c 6f 67 69 6e 20 69 6e 66 6f 62 61 72 20 6e 6f 74 69 66 69 63 61 74 69 6f 6e 0a 0a 6c 61 75 6e 63 68 2d 6f 6e 2d 6c 6f 67 69 6e 2d 69 6e 66 6f 62 61 72 2d 6d 65 73 73 61 67 65 20 3d 20 3c 73 74 72 6f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: nd edit PDFs saved to your computer.pdf-default-notification-set-default-button = .label = Set as defaultpdf-default-notification-decline-button = .label = Not now## Launch on login infobar notificationlaunch-on-login-infobar-message = <stro
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:38 UTC1390INData Raw: 2d 74 69 74 6c 65 20 3d 20 4b 65 65 70 20 70 65 73 6b 79 20 74 72 61 63 6b 65 72 73 20 6f 66 66 20 79 6f 75 72 20 74 61 69 6c 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f 74 6c 69 67 68 74 2d 73 75 62 74 69 74 6c 65 20 3d 20 53 61 79 20 67 6f 6f 64 62 79 65 20 74 6f 20 61 6e 6e 6f 79 69 6e 67 20 61 64 20 74 72 61 63 6b 65 72 73 20 61 6e 64 20 73 65 74 74 6c 65 20 69 6e 74 6f 20 61 20 73 61 66 65 72 2c 20 73 70 65 65 64 79 20 69 6e 74 65 72 6e 65 74 20 65 78 70 65 72 69 65 6e 63 65 2e 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f 74 6c 69 67 68 74 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 20 3d 20 4f 70 65 6e 20 6d 79 20 6c 69 6e 6b 73 20 77 69 74 68 20 7b 20 2d 62 72 61 6e 64 2d 73 68 6f 72 74 2d 6e 61 6d 65 20 7d 0a 74 61 69 6c 2d 66 6f 78 2d 73 70 6f 74 6c 69 67
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -title = Keep pesky trackers off your tailtail-fox-spotlight-subtitle = Say goodbye to annoying ad trackers and settle into a safer, speedy internet experience.tail-fox-spotlight-primary-button = Open my links with { -brand-short-name }tail-fox-spotlig


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                14192.168.2.74979434.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:39 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/01e461df-d85d-4561-a852-205de2d67f32 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:25:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 419
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:39 UTC419OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 52 c1 4e c3 30 0c fd 17 5f 59 4b d2 b5 5d d7 1b 07 c4 09 90 28 88 0b 52 94 25 de 88 68 d3 92 a4 c0 34 ed df 49 52 6d 1a da 24 a4 a8 4a ec e7 f7 9e ed ee 60 50 7a c3 94 5e f7 50 ef c0 e2 27 d4 e5 0c ac e3 c6 31 a7 3a 84 1a 32 92 cd 13 4a 12 52 3c 93 aa ce e9 15 a1 35 21 30 03 d4 f2 1f cc 7e 06 a2 55 a8 dd 51 c1 61 8b 1d 3a b3 65 56 7e b0 d5 a8 5a e9 cb 8b 79 9a a5 81 72 ad 8c 75 cc 8c 9a 49 ee fe 12 1f 65 63 d1 21 4f 97 0b 9f a4 fe 3c 13 52 c7 73 15 bf 1e f8 ad b4 ec bf ed a4 c2 f4 d8 ad d0 40 4d 97 24 2f 66 c0 87 81 49 65 87 96 6f d9 17 1a ab 7a 1d e8 68 95 92 94 c2 94 3f d8 0b 26 c8 32 5b 64 f3 ac c8 2a 9f 6c 7b c1 db 20 8f 3a 79 69 7c a0 b7 a7 24 24 f6 12 18 c4 3b d7 1a 5b 1f 34 be 71 6e 31 62 fd f3 75 f2 16 60 46 bc 2b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: RN0_YK](R%h4IRm$J`Pz^P'1:2JR<5!0~UQa:eV~ZyruIec!O<Rs@M$/fIeozh?&2[d*l{ :yi|$$;[4qn1bu`F+
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:40 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                15192.168.2.74979734.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:40 UTC362OUTGET /v1/buckets/monitor/collections/changes/changeset?collection=whats-new-panel&bucket=main&_expected=0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:41 UTC555INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 241
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:04:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 916
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 14:57:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:41 UTC241INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 75 63 6b 65 74 22 3a 22 6d 6f 6e 69 74 6f 72 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 33 33 35 38 33 34 33 30 32 31 33 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 69 64 22 3a 22 31 36 31 31 63 31 37 36 2d 33 39 39 38 2d 66 33 64 66 2d 30 37 62 37 2d 63 31 38 35 38 31 33 38 64 34 38 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 31 37 30 33 30 35 37 33 31 33 37 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 77 68 61 74 73 2d 6e 65 77 2d 70 61 6e 65 6c 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 5d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"bucket":"monitor"},"timestamp":1733583430213,"changes":[{"id":"1611c176-3998-f3df-07b7-c1858138d48b","last_modified":1617030573137,"bucket":"main","collection":"whats-new-panel","host":"firefox.settings.services.mozilla.com"}]}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                16192.168.2.74980134.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:41 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/3b7fc3d4-90d3-48a3-834f-e61d315e9a5c HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:25:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 425
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:41 UTC425OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 52 cb 6e db 30 10 fc 17 5e 23 a9 a4 ac 97 75 cb 21 e8 a9 2d 10 a5 e8 25 00 41 93 1b 87 a8 44 a9 5c 2a 89 11 f8 df cb 95 9c 07 60 03 01 08 09 1c ce ee cc 0e f9 ca 26 eb f6 d2 ba 87 91 b5 af 0c e1 1f 6b eb 84 61 50 3e c8 60 07 60 2d cb 79 be 49 05 4f 79 79 c7 9b b6 10 57 5c b4 9c b3 84 81 33 5f 70 8e 09 d3 bd 05 17 de 15 02 f4 30 40 f0 07 89 e6 af dc cd b6 37 b1 bc dc 64 79 46 2d 9f ad 33 e3 33 ae 07 d2 cd c3 0e 3c 6b c5 96 17 65 c2 56 d0 a8 40 8a 62 5b 47 39 11 d7 1d e7 ed b2 ae 96 6f ec f2 60 3d 06 e9 67 f7 46 fe b0 f7 6e 7e c4 88 ff 59 e5 e2 56 4d 93 34 16 a7 5e 1d e4 13 78 b4 a3 23 11 d1 64 3c 13 0b fd 33 cc 17 b3 54 f3 36 01 29 f0 6d 5e e7 9b bc cc 1b 3a f4 fa d1 06 d0 61 f6 e4 e0 a5 a9 64 55 44 bc 1f b5 ea 09 01 97 fe
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Rn0^#u!-%AD\*`&kaP>``-yIOyyW\3_p0@7dyF-33<keV@b[G9o`=gFn~YVM4^x#d<3T6)m^:adUD
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:42 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                17192.168.2.74980634.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:42 UTC385OUTGET /v1/buckets/main/collections/whats-new-panel/changeset?_expected=1617030573137 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:43 UTC555INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 699
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:06:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 783
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:43 UTC699INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 31 73 74 37 72 31 69 71 75 73 71 6c 66 31 30 6d 75 33 6b 6f 75 6f 71 70 70 38 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 36 6c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"signature":{"ref":"1st7r1iqusqlf10mu3kouoqpp8","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"6l


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                18192.168.2.74980934.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:43 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/758d1c71-5fff-4193-9977-7a57afa68bf7 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 423
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:43 UTC423OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 92 4d 4f b4 30 14 85 ff 4b b7 52 de 96 01 86 61 e7 c2 bc 2b 35 11 8d 1b 93 a6 d3 5e c7 46 28 d8 5b d4 89 99 ff 6e 0b e3 47 94 c4 a4 81 f4 72 ee 73 0f a7 7d 23 83 b1 3b 61 ec 7d 4f ea 37 82 f0 44 ea 2a 21 e8 a5 f3 c2 9b 0e 48 4d 32 96 ad 28 67 94 15 d7 ac aa 73 7e c2 78 cd 18 49 08 58 fd 87 e6 90 10 d5 1a b0 fe 73 82 87 16 3a f0 6e 2f 50 3f 8a ed 68 5a 1d da 8b 55 9a a5 11 39 15 84 96 3e 42 f9 66 1d 88 3c ac 6b c6 ea 69 9d 4c cf 20 bc 37 0e bd 70 a3 fd 10 7f 39 f8 f4 f7 62 ac ee 5f 70 9e 22 ec d8 6d c1 91 9a 6f 58 5e 24 a4 ed 95 6c 63 23 58 7a d3 04 75 8f 61 73 3b b7 84 ad 74 ea c1 78 50 7e 74 51 f5 5a 95 a2 cc 27 99 78 06 87 a6 b7 d1 21 9b 5c cb 61 10 ea 41 5a 0b 6d 28 ba f0 8b 12 e1 58 d7 06 87 56 ee bf 37 f1 2a 65 29 3f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: MO0KRa+5^F([nGrs}#;a}O7D*!HM2(gs~xIXs:n/P?hZU9>Bf<kiL 7p9b_p"moX^$lc#Xzuas;txP~tQZ'x!\aAZm(XV7*e)?
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:44 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                19192.168.2.74981534.160.144.1914437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:44 UTC339OUTGET /chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: content-signature-2.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:45 UTC569INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Id-2: NbSAhD2NS0t5L1txrU2sAaZupXMcNHy/42xo+SXMP7fsnRVNSy/vPksQDKYXLS88iebavsTb58tZI7YYhOG66PvRijFMUhM0lnQTqqlnt64=
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Request-Id: GF8RH2APFAP20ZHB
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Server-Side-Encryption: AES256
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 5348
                                                                                                                                                                                                                                                                                                                                                                                                                Server: AmazonS3
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:40:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2330
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 28 Nov 2024 13:03:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "e90b4b26f40b4131c1239c8340204be3"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: binary/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:45 UTC821INData Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 42 44 43 43 41 6f 75 67 41 77 49 42 41 67 49 49 47 41 77 6a 67 63 37 39 76 6b 63 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -----BEGIN CERTIFICATE-----MIIDBDCCAougAwIBAgIIGAwjgc79vkcwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:45 UTC1390INData Raw: 34 7a 43 4b 7a 56 46 38 57 50 78 32 6e 42 77 70 38 37 34 34 54 41 34 42 67 4e 56 48 52 45 45 4d 54 41 76 67 69 31 79 5a 57 31 76 64 47 55 74 63 32 56 30 0a 64 47 6c 75 5a 33 4d 75 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 44 0a 5a 77 41 77 5a 41 49 77 41 4d 42 6c 33 70 2f 38 30 69 7a 53 62 32 44 69 43 76 41 35 30 48 77 4a 35 51 6a 54 6b 30 67 4e 64 54 63 53 2f 71 61 5a 4e 43 52 35 75 47 35 48 56 69 4f 31 2b 54 49 75 0a 46 61 51 67 4e 30 69 4b 41 6a 42 59 45 79 48 34 6a 6d 58 69 64 2b 67 4b 61 67 4d 71 35 57 45 31 78 6a 74 61 48 6d 39 6a 31 79 6b 45 62 66 61 2b 66 6e 58 6c 35 49 48 58 4b 37 61 67 57 32 71 67 0a 4c 73 39 58 50 50 64 51
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 4zCKzVF8WPx2nBwp8744TA4BgNVHREEMTAvgi1yZW1vdGUtc2V0dGluZ3MuY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwCgYIKoZIzj0EAwMDZwAwZAIwAMBl3p/80izSb2DiCvA50HwJ5QjTk0gNdTcS/qaZNCR5uG5HViO1+TIuFaQgN0iKAjBYEyH4jmXid+gKagMq5WE1xjtaHm9j1ykEbfa+fnXl5IHXK7agW2qgLs9XPPdQ
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:45 UTC1390INData Raw: 4c 6e 42 6c 62 54 42 4f 42 67 4e 56 48 52 34 45 52 7a 42 46 6f 45 4d 77 49 49 49 65 0a 4c 6d 4e 76 62 6e 52 6c 62 6e 51 74 63 32 6c 6e 62 6d 46 30 64 58 4a 6c 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 42 2b 43 48 57 4e 76 62 6e 52 6c 62 6e 51 74 63 32 6c 6e 62 6d 46 30 0a 64 58 4a 6c 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 41 30 47 43 53 71 47 53 49 62 33 44 51 45 42 44 41 55 41 41 34 49 43 41 51 41 4c 65 55 75 46 2f 37 68 63 6d 4d 2f 4c 46 6e 4b 36 0a 36 61 35 6c 42 51 6b 35 7a 35 4a 42 72 32 62 4e 4e 76 4b 56 73 2f 6d 74 64 49 63 56 4b 63 78 6a 57 78 4f 42 4d 35 72 6f 72 5a 69 4d 35 55 57 45 37 42 6d 41 6d 38 45 37 67 46 43 43 71 33 30 79 0a 5a 6e 4e 6e 36 42 4f 30 34 7a 35 4c 74 44 52 48 78 61 33 49 47 68 67 45 43 6c 6f 79 4f 4a 55
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: LnBlbTBOBgNVHR4ERzBFoEMwIIIeLmNvbnRlbnQtc2lnbmF0dXJlLm1vemlsbGEub3JnMB+CHWNvbnRlbnQtc2lnbmF0dXJlLm1vemlsbGEub3JnMA0GCSqGSIb3DQEBDAUAA4ICAQALeUuF/7hcmM/LFnK66a5lBQk5z5JBr2bNNvKVs/mtdIcVKcxjWxOBM5rorZiM5UWE7BmAm8E7gFCCq30yZnNn6BO04z5LtDRHxa3IGhgECloyOJU
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:45 UTC1390INData Raw: 4d 66 4d 4e 7a 37 6d 4a 57 42 65 63 4a 67 76 6c 54 66 34 68 48 0a 4a 62 4c 7a 4d 50 73 49 55 61 75 7a 49 39 47 45 70 4c 66 48 64 5a 36 77 7a 53 79 46 4f 62 34 41 4d 2b 44 31 6d 78 41 57 68 75 5a 4a 33 4d 44 41 4a 4f 66 33 42 31 52 73 36 51 6f 72 48 72 6c 38 0a 71 71 6c 4e 74 50 47 71 65 70 6e 70 4e 4a 63 4c 6f 37 4a 73 53 71 71 45 33 4e 55 6d 37 32 4d 67 71 49 48 52 67 54 52 73 71 55 73 2b 37 4c 49 50 47 65 37 32 36 32 55 2b 4e 2f 54 30 4c 50 59 56 0a 4c 65 34 72 5a 32 52 44 48 6f 61 5a 68 59 59 37 61 39 2b 34 39 6d 48 4f 49 2f 67 32 59 46 42 2b 39 79 5a 6a 45 2b 58 64 70 6c 54 32 6b 42 67 41 34 50 38 64 62 37 69 37 49 30 74 49 69 34 62 30 0a 42 30 4e 36 79 39 4d 68 4c 2b 43 52 5a 4a 79 78 64 46 65 32 77 42 79 6b 4a 58 31 34 4c 73 68 65 4b 73 4d 31 61 7a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: MfMNz7mJWBecJgvlTf4hHJbLzMPsIUauzI9GEpLfHdZ6wzSyFOb4AM+D1mxAWhuZJ3MDAJOf3B1Rs6QorHrl8qqlNtPGqepnpNJcLo7JsSqqE3NUm72MgqIHRgTRsqUs+7LIPGe7262U+N/T0LPYVLe4rZ2RDHoaZhYY7a9+49mHOI/g2YFB+9yZjE+XdplT2kBgA4P8db7i7I0tIi4b0B0N6y9MhL+CRZJyxdFe2wBykJX14LsheKsM1az
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:45 UTC357INData Raw: 71 33 47 69 55 4d 4b 5a 35 44 56 52 68 39 2f 4e 76 6d 34 4e 77 72 54 66 42 33 51 6b 51 51 4a 43 77 66 58 76 4f 39 70 77 6e 50 4b 74 49 53 59 6b 5a 55 71 68 45 71 76 58 6b 35 6e 42 67 0a 51 43 6b 44 53 4c 44 6a 58 54 78 33 39 6e 61 42 42 47 49 56 49 71 42 74 4b 4b 75 56 54 6c 61 39 65 6e 6e 67 64 71 36 39 32 78 58 2f 43 67 4f 36 51 4a 56 72 77 70 71 64 47 6a 65 62 6a 35 50 38 0a 35 66 4e 5a 50 41 42 7a 54 65 7a 47 33 55 6c 73 35 56 70 2b 34 69 49 57 56 41 45 44 6b 4b 32 33 63 55 6a 33 63 2f 48 68 45 2b 4f 6f 37 6b 78 66 55 65 75 35 59 31 5a 56 33 71 72 36 31 2b 36 74 0a 5a 41 52 4b 6a 62 75 31 54 75 59 51 48 66 30 66 73 2b 47 77 49 44 38 7a 65 4c 63 32 7a 4a 4c 37 55 7a 63 48 46 77 77 51 36 4e 64 61 39 4f 4a 4e 34 75 50 41 75 43 2f 42 4b 61 49 70 78 43 4c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: q3GiUMKZ5DVRh9/Nvm4NwrTfB3QkQQJCwfXvO9pwnPKtISYkZUqhEqvXk5nBgQCkDSLDjXTx39naBBGIVIqBtKKuVTla9enngdq692xX/CgO6QJVrwpqdGjebj5P85fNZPABzTezG3Uls5Vp+4iIWVAEDkK23cUj3c/HhE+Oo7kxfUeu5Y1ZV3qr61+6tZARKjbu1TuYQHf0fs+GwID8zeLc2zJL7UzcHFwwQ6Nda9OJN4uPAuC/BKaIpxCL


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                20192.168.2.74982034.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:46 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/e6e57dc0-d354-4d4a-8374-548b8e2bcc5d HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 427
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:46 UTC427OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 52 c1 6e a3 30 14 fc 17 5f 8b 59 9b 00 01 6e 3d 54 7b da 5d a9 74 b5 97 4a 96 63 bf 26 d6 82 a1 7e a6 69 54 e5 df 6b 43 9b 54 4a a4 4a 16 88 f1 78 66 3c 8f 37 32 1a bb 15 c6 3e 0d a4 79 23 08 cf a4 a9 13 82 5e 3a 2f bc e9 81 34 24 63 d9 8a 72 46 59 f1 c0 aa 26 e7 37 8c 37 8c 91 84 80 d5 df 70 8e 09 51 9d 01 eb 4f 0e 1e 3a e8 c1 bb 83 40 fd 5f 6c 26 d3 e9 70 bc 58 a5 59 1a 25 e5 38 9e c0 a8 c9 ea 6c 9d ad b2 22 ab e2 a6 53 3b e3 41 f9 c9 45 cf d7 aa 14 65 1e f0 6e 50 b2 8b 08 58 fa b7 0d c0 80 e1 e3 9f b1 7a d8 e3 87 a8 36 38 76 f2 20 5e c0 a1 19 6c d8 e7 bc 4a 59 ca 67 fa 57 98 9d 82 a8 9d b4 16 ba 00 ba 90 5a 22 04 7c 0e 27 b4 f4 d1 8f d7 eb 70 65 1e d6 03 63 cd bc 6e e6 67 20 ee 17 fb e5 36 c2 4e fd 06 1c 69 78 cd f2 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Rn0_Yn=T{]tJc&~iTkCTJJxf<72>y#^:/4$crFY&77pQO:@_l&pXY%8l"S;AEenPXz68v ^lJYgWZ"|'pecng 6Nix"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                21192.168.2.74982234.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC323OUTGET /v1/buckets/monitor/collections/changes/changeset?_expected=0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 32355
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:33:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2794
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 09:50:16 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 75 63 6b 65 74 22 3a 22 6d 6f 6e 69 74 6f 72 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 33 33 35 36 35 30 31 36 32 36 31 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 69 64 22 3a 22 33 66 61 64 62 31 36 39 2d 65 35 64 65 2d 61 32 66 30 2d 33 37 34 65 2d 36 65 65 62 33 65 61 63 33 64 62 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 36 31 35 31 33 30 32 37 38 2c 22 62 75 63 6b 65 74 22 3a 22 62 6c 6f 63 6b 6c 69 73 74 73 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 67 66 78 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 63 35 32 31 62 34 34 33 2d 33 36 38 66 2d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"bucket":"monitor"},"timestamp":1733565016261,"changes":[{"id":"3fadb169-e5de-a2f0-374e-6eeb3eac3dbb","last_modified":1731615130278,"bucket":"blocklists","collection":"gfx","host":"firefox.settings.services.mozilla.com"},{"id":"c521b443-368f-
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 75 63 6b 65 74 22 3a 22 62 6c 6f 63 6b 6c 69 73 74 73 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 61 64 64 6f 6e 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 30 36 31 64 34 35 38 34 2d 61 63 64 30 2d 66 65 63 63 2d 62 35 66 62 2d 64 63 66 65 30 61 64 35 65 31 32 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 32 34 33 38 38 35 31 34 37 38 34 2c 22 62 75 63 6b 65 74 22 3a 22 62 6c 6f 63 6b 6c 69 73 74 73 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 71 61 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ucket":"blocklists","collection":"addons","host":"firefox.settings.services.mozilla.com"},{"id":"061d4584-acd0-fecc-b5fb-dcfe0ad5e123","last_modified":1624388514784,"bucket":"blocklists","collection":"qa","host":"firefox.settings.services.mozilla.com"},{"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6e 65 77 74 61 62 2d 77 61 6c 6c 70 61 70 65 72 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 33 30 31 62 35 65 35 38 2d 65 65 63 39 2d 34 66 31 65 2d 32 66 39 37 2d 30 39 61 62 65 64 66 65 66 36 32 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 33 31 33 36 36 36 35 36 34 32 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 74 6f 70 2d 73 69 74 65 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ":"main","collection":"newtab-wallpapers","host":"firefox.settings.services.mozilla.com"},{"id":"301b5e58-eec9-4f1e-2f97-09abedfef627","last_modified":1723136665642,"bucket":"main","collection":"top-sites","host":"firefox.settings.services.mozilla.com"},{
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6d 6c 2d 6f 6e 6e 78 2d 72 75 6e 74 69 6d 65 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 35 30 31 35 38 33 63 61 2d 64 35 38 30 2d 35 31 64 65 2d 30 35 38 34 2d 64 61 62 30 38 31 30 32 35 30 36 64 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 35 31 39 31 32 30 35 37 38 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6e 69 6d 62 75 73 2d 64 65 73 6b 74 6f 70 2d 65 78 70 65 72 69 6d 65 6e 74 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: bucket":"main","collection":"ml-onnx-runtime","host":"firefox.settings.services.mozilla.com"},{"id":"501583ca-d580-51de-0584-dab08102506d","last_modified":1733519120578,"bucket":"main","collection":"nimbus-desktop-experiments","host":"firefox.settings.ser
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 75 72 6c 62 61 72 2d 70 65 72 73 69 73 74 65 64 2d 73 65 61 72 63 68 2d 74 65 72 6d 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 32 61 39 36 64 32 63 32 2d 65 65 32 63 2d 39 32 64 39 2d 34 34 31 35 2d 33 39 39 36 64 64 31 61 65 66 34 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 30 30 30 34 36 38 38 32 34 36 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 75 72 6c 2d 63 6c 61 73 73 69 66 69 65 72 2d 73 6b 69 70 2d 75 72 6c 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: et":"main","collection":"urlbar-persisted-search-terms","host":"firefox.settings.services.mozilla.com"},{"id":"2a96d2c2-ee2c-92d9-4415-3996dd1aef47","last_modified":1720004688246,"bucket":"main","collection":"url-classifier-skip-urls","host":"firefox.sett
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 36 65 62 35 63 37 64 35 2d 64 30 36 33 2d 33 34 66 32 2d 66 37 66 36 2d 30 34 34 30 64 30 32 39 36 37 32 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 36 31 38 32 34 37 33 30 36 35 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 63 6f 6e 74 65 6e 74 2d 72 65 6c 65 76 61 6e 63 65 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 38 62 38 37 38 30 33 38 2d 66 32 30 39 2d 36 31 37 39 2d 64 39 38 31 2d 32 65 62 66 30 61 35 63 30 32 31 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 36 37 36 39 31 32 38 38 37 39 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 6eb5c7d5-d063-34f2-f7f6-0440d029672b","last_modified":1726182473065,"bucket":"main","collection":"content-relevance","host":"firefox.settings.services.mozilla.com"},{"id":"8b878038-f209-6179-d981-2ebf0a5c0214","last_modified":1726769128879,"bucket":"main"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 63 39 61 33 36 39 65 37 2d 63 62 65 32 2d 66 36 31 37 2d 30 65 62 66 2d 63 35 65 38 39 32 62 38 32 39 65 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 32 30 33 38 34 36 34 35 32 32 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 66 61 6b 65 73 70 6f 74 2d 73 75 67 67 65 73 74 2d 70 72 6f 64 75 63 74 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 32 38 66 30 65 37 66 64 2d 37 61 66 37 2d 36 31 37 66 2d 65 62 61 33 2d 62 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :"firefox.settings.services.mozilla.com"},{"id":"c9a369e7-cbe2-f617-0ebf-c5e892b829e4","last_modified":1732038464522,"bucket":"main","collection":"fakespot-suggest-products","host":"firefox.settings.services.mozilla.com"},{"id":"28f0e7fd-7af7-617f-eba3-ba
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 6e 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 38 35 66 63 38 63 36 61 2d 37 35 66 63 2d 35 30 31 65 2d 39 64 34 62 2d 30 38 33 30 36 62 37 66 38 31 65 36 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 37 32 31 32 36 30 38 39 38 31 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6d 6f 7a 2d 65 73 73 65 6e 74 69 61 6c 2d 64 6f 6d 61 69 6e 2d 66 61 6c 6c 62 61 63 6b 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 37 31 34 62 36 39 66 33 2d 36 39 66
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: n","host":"firefox.settings.services.mozilla.com"},{"id":"85fc8c6a-75fc-501e-9d4b-08306b7f81e6","last_modified":1727212608981,"bucket":"main","collection":"moz-essential-domain-fallbacks","host":"firefox.settings.services.mozilla.com"},{"id":"714b69f3-69f
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 63 2d 73 75 66 66 69 78 2d 6c 69 73 74 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 30 64 36 31 65 33 65 63 2d 63 37 30 38 2d 62 38 33 39 2d 35 31 32 61 2d 65 30 39 63 33 66 35 66 31 38 38 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 35 38 31 37 30 33 32 30 35 33 37 34 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 70 65 72 73 6f 6e 61 6c 69 74 79 2d 70 72 6f 76 69 64 65 72 2d 6d 6f 64 65 6c 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 35 62 31
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: c-suffix-list","host":"firefox.settings.services.mozilla.com"},{"id":"0d61e3ec-c708-b839-512a-e09c3f5f1880","last_modified":1581703205374,"bucket":"main","collection":"personality-provider-models","host":"firefox.settings.services.mozilla.com"},{"id":"5b1
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC1390INData Raw: 65 63 74 69 6f 6e 22 3a 22 68 69 6a 61 63 6b 2d 62 6c 6f 63 6b 6c 69 73 74 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 36 66 63 64 33 37 39 62 2d 38 33 66 63 2d 31 31 31 63 2d 65 37 66 35 2d 63 39 66 61 39 64 37 63 61 66 32 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 30 37 30 34 32 31 34 33 35 39 30 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 70 69 6f 6e 65 65 72 2d 73 74 75 64 79 2d 61 64 64 6f 6e 73 2d 76 31 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ection":"hijack-blocklists","host":"firefox.settings.services.mozilla.com"},{"id":"6fcd379b-83fc-111c-e7f5-c9fa9d7caf25","last_modified":1607042143590,"bucket":"main","collection":"pioneer-study-addons-v1","host":"firefox.settings.services.mozilla.com"},{


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                22192.168.2.74982135.244.181.2014437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC459OUTGET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: aus5.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC454INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 702
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-ID: 17933
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-Data-Version: 1
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000;
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
                                                                                                                                                                                                                                                                                                                                                                                                                X-Proxy-Cache-Status: MISS
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=90
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC702INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 75 70 64 61 74 65 20 61 63 74 69 6f 6e 73 3d 22 73 68 6f 77 55 52 4c 22 20 61 70 70 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 62 75 69 6c 64 49 44 3d 22 32 30 32 34 30 36 30 36 31 38 31 39 34 34 22 20 64 65 74 61 69 6c 73 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 65 6e 2d 55 53 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 72 65 6c 65 61 73 65 6e 6f 74 65 73 2f 22 20 64 69 73 70 6c 61 79 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 6f 70 65 6e 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 77 68 61 74 73 6e 65 77
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0"?><updates> <update actions="showURL" appVersion="127.0" buildID="20240606181944" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" openURL="https://www.mozilla.org/firefox/127.0/whatsnew


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                23192.168.2.74982335.190.72.2164437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC338OUTGET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: location.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                24192.168.2.74982434.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC465OUTPOST /submit/messaging-system/undesired-events/1/388919aa-2060-4a8b-b2e8-c905137d7ca5 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 333
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC333OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 7d 90 c1 6e c2 30 10 44 ff c5 67 96 26 0e 81 c0 8d 03 ea a9 ad 44 d4 73 b4 71 56 c4 92 e3 44 b6 81 b4 88 7f ef 9a 42 69 25 d4 9b b5 3b f3 3c b3 27 41 e3 40 4e 77 64 83 17 ab 93 50 fe 00 ba 1b 7a 17 c0 91 21 f4 04 ae 37 a6 df 87 b8 ad 1d 5a d5 8a 95 20 8b b5 21 b8 ab c5 79 22 3a 3d 52 03 aa b7 81 69 60 e8 40 06 e4 c5 0e ec ff e1 a5 69 f6 87 15 0d 2c 8a 04 4f 6e 00 6c 20 b0 b4 a3 e0 3e 1e 7e fe cb b0 1f 76 0e 1b 02 3f f4 c1 e8 5d 1b 1e 1a 82 23 0c b1 62 b4 d0 c8 f1 bc ee ad 87 4e b3 3b f0 13 b4 bd b5 3e ea 4f 74 0d 87 9c ff ff 37 93 4c af d0 d0 e5 1a f0 5e 8a 89 38 90 8b 60 9e a4 69 31 4d a6 29 cf ae ad 2b d5 a2 b5 64 78 77 9d f0 8e 2f c4 99 56 62 5d 6e ab 6d 59 bd be 55 2f 9b b2 5c 3f 6f 22 ac 23 ef 71 47 95 6e 58 61 9f f0 a6
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }n0Dg&DsqVDBi%;<'A@NwdPz!7Z !y":=Ri`@i,Onl >~v?]#bN;>Ot7L^8`i1M)+dxw/Vb]nmYU/\?o"#qGnXa
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                25192.168.2.74982534.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC465OUTPOST /submit/messaging-system/undesired-events/1/ec828cea-bda1-4e5f-b3bf-3c6f0cff2991 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 333
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:48 UTC333OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 7d 90 c1 6e c2 30 10 44 ff c5 67 96 26 0e 81 c0 8d 03 ea a9 ad 44 d4 73 b4 71 56 c4 92 e3 44 b6 81 b4 88 7f ef 9a 42 69 25 d4 9b b5 3b f3 3c b3 27 41 e3 40 4e 77 64 83 17 ab 93 50 fe 00 ba 1b 7a 17 c0 91 21 f4 04 ae 37 a6 df 87 b8 ad 1d 5a d5 8a 95 20 8b b5 21 b8 ab c5 79 22 3a 3d 52 03 aa b7 81 69 60 e8 40 06 e4 c5 0e ec ff e1 a5 69 f6 87 15 0d 2c 8a 04 4f 6e 00 6c 20 b0 b4 a3 e0 3e 1e 7e fe cb b0 1f 76 0e 1b 02 3f f4 c1 e8 5d 1b 1e 1a 82 23 0c b1 62 b4 d0 c8 f1 bc ee ad 87 4e b3 3b f0 13 b4 bd b5 3e ea 4f 74 0d 87 9c ff ff 37 93 4c af d0 d0 e5 1a f0 5e 8a 89 38 90 8b 60 9e a4 69 31 4d a6 29 cf ae ad 2b d5 a2 b5 64 78 77 9d f0 8e 2f c4 99 56 62 5d 6e ab 6d 59 bd be 55 2f 9b b2 5c 3f 6f 22 ac 23 ef 71 47 95 6e 58 61 9f f0 a6
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }n0Dg&DsqVDBi%;<'A@NwdPz!7Z !y":=Ri`@i,Onl >~v?]#bN;>Ot7L^8`i1M)+dxw/Vb]nmYU/\?o"#qGnXa
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:51 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                26192.168.2.74982635.201.103.214437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:49 UTC270OUTGET /api/v1/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: normandy.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:53 UTC633INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 598
                                                                                                                                                                                                                                                                                                                                                                                                                allow: GET, HEAD, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                content-security-policy: object-src 'none'; form-action 'self'; worker-src 'none'; base-uri 'none'; block-all-mixed-content; default-src 'self' https://normandy.cdn.mozilla.net/; frame-src 'none'; report-uri /__cspreport__
                                                                                                                                                                                                                                                                                                                                                                                                                x-frame-options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                                                                                                                                                strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Fri, 06 Dec 2024 23:51:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept, Origin
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 55732
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:53 UTC598INData Raw: 7b 22 61 63 74 69 6f 6e 2d 6c 69 73 74 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 6f 72 6d 61 6e 64 79 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 61 70 69 2f 76 31 2f 61 63 74 69 6f 6e 2f 22 2c 22 61 63 74 69 6f 6e 2d 73 69 67 6e 65 64 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 6f 72 6d 61 6e 64 79 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 61 70 69 2f 76 31 2f 61 63 74 69 6f 6e 2f 73 69 67 6e 65 64 2f 22 2c 22 61 70 70 72 6f 76 61 6c 72 65 71 75 65 73 74 2d 6c 69 73 74 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 6f 72 6d 61 6e 64 79 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 61 70 69 2f 76 31 2f 61 70 70 72 6f 76 61 6c 5f 72 65 71 75 65 73 74 2f 22 2c 22 63 6c 61 73 73 69 66 79 2d 63 6c 69 65 6e 74 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6c 61 73 73 69 66
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"action-list":"https://normandy.cdn.mozilla.net/api/v1/action/","action-signed":"https://normandy.cdn.mozilla.net/api/v1/action/signed/","approvalrequest-list":"https://normandy.cdn.mozilla.net/api/v1/approval_request/","classify-client":"https://classif


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                27192.168.2.749827151.101.193.914437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:50 UTC621OUTGET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cwikipedia%40search.mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org&lang=en-US HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: services.addons.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:53 UTC1354INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 82
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Allow: GET, HEAD, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                X-AMO-Request-ID: 4fcaf320a002471cb51675f2a397eb87
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "4f822d39c269d2c47e3174b6c6bad3b7"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; form-action 'self'; object-src 'none'; child-src https://www.recaptcha.net/recaptcha/; media-src https://videos.cdn.mozilla.net; font-src 'self' https://addons.mozilla.org/static-server/; script-src https://*.google-analytics.com https://*.googletagmanager.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; frame-src https://www.recaptcha.net/recaptcha/; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/ https://*.google-analytics.com https://*.googletagmanager.com; report-uri /__cspreport__
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; object-src 'none'; report-uri /__cspreport__
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: deny
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:53 UTC550INData Raw: 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 33 30 30 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 73 61 6d 65 2d 6f 72 69 67 69 6e 0d 0a 43 72 6f 73 73 2d 4f 72 69 67 69 6e 2d 4f 70 65 6e 65 72 2d 50 6f 6c 69 63 79 3a 20 73 61 6d 65 2d 6f 72 69 67 69 6e 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 36 30 30 0d 0a 58 2d 58 53 53 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 20 30 0d 0a 56 69 61 3a 20 31 2e 31 20 67 6f 6f 67 6c 65 2c 20 31 2e 31 20 76 61 72 6e 69 73 68
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Strict-Transport-Security: max-age=300X-Content-Type-Options: nosniffX-Content-Type-Options: nosniffReferrer-Policy: same-originCross-Origin-Opener-Policy: same-originCache-Control: max-age=3600X-XSS-Protection: 0Via: 1.1 google, 1.1 varnish
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:53 UTC82INData Raw: 7b 22 70 61 67 65 5f 73 69 7a 65 22 3a 32 35 2c 22 70 61 67 65 5f 63 6f 75 6e 74 22 3a 31 2c 22 63 6f 75 6e 74 22 3a 30 2c 22 6e 65 78 74 22 3a 6e 75 6c 6c 2c 22 70 72 65 76 69 6f 75 73 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 73 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"page_size":25,"page_count":1,"count":0,"next":null,"previous":null,"results":[]}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                28192.168.2.749834216.58.208.2284437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:52 UTC387OUTGET /favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: image/avif,image/webp,*/*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Referer: https://accounts.google.com/
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:56 UTC706INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                                                                                                                                                                                                                                                                                                                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 5430
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Server: sffe
                                                                                                                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Fri, 06 Dec 2024 14:50:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Expires: Sat, 14 Dec 2024 14:50:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=691200
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: image/x-icon
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 88174
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:56 UTC684INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: h& ( 0.v]X:X:rY
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:56 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:56 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:56 UTC1390INData Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: BBBBBBBF!4I
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:56 UTC576INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: $'


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                29192.168.2.74983534.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:53 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/7b2ddd96-6d27-491a-a7e0-811ed320f1f0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 429
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:53 UTC429OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 52 4d 4f eb 30 10 fc 2f be 52 e7 d9 69 92 a6 b9 71 40 ef f4 1e 12 01 71 41 b2 5c 7b 69 2d 12 27 d8 0e a5 42 fd ef ac 93 f2 d9 22 24 2b 91 67 67 c7 e3 59 bf 90 de d8 b5 30 f6 be 23 d5 0b f1 f0 48 2a ce 66 c4 07 e9 82 08 a6 05 52 91 94 a5 73 ca 19 65 f9 35 2b ab 8c 9f 31 5e 31 46 66 04 ac fe 85 b3 9f 11 d5 18 b0 e1 fd 88 00 0d b4 10 dc 4e 78 fd 20 56 83 69 34 b6 e7 f3 24 4d a2 a4 74 6a 63 02 a8 30 b8 28 fb 5c 16 a2 c8 22 de f7 42 6d a4 b5 d0 20 ec 50 44 7a 38 e0 6f 22 d1 03 5b a6 8b 74 9e e6 69 89 c5 a6 53 b2 89 32 60 e9 4d 8d 40 e7 71 73 6b ac ee b6 fe d0 ac 8d ef 1b b9 13 4f e0 bc e9 2c d6 39 2f 13 96 f0 91 fe 19 66 a3 c1 ed d4 3d 1d 2a ec d0 ae c0 61 66 4b 96 e5 33 72 6f 9c 0f c2 0d 56 68 19 be c6 f2 1e da d4 78 a8 f3 e5
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: RMO0/Riq@qA\{i-'B"$+ggY0#H*fRse5+1^1FfNx Vi4$Mtjc0(\"Bm PDz8o"[tiS2`M@qskO,9/f=*afK3roVhx
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:57 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                30192.168.2.74983634.107.243.934437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:54 UTC604OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: push.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                                                                                                                                                                                                                Origin: wss://push.services.mozilla.com/
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Protocol: push-notification
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Key: qCMt+/uUnBHhiBkxchyA4Q==
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive, Upgrade
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:01 UTC220INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 81
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 15:20:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:01 UTC81INData Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                31192.168.2.74983735.244.181.2014437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:19:59 UTC428OUTGET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: aus5.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:07 UTC744INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 715
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-ID: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-Data-Version: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2025-01-22-11-21-23.chain; p384ecdsa=lyt4EI8Q0WBC7cLjcdhJiorbx3WtIt-fXV6sdhSgOrP2ZJFk_fNk3VXo2b4IFcuW6HT31jOIvvI7Ya0NUljUlxS4GmIcwGEurUUupnxRtCubXJKN8Zq_uxSrKzT8daCb
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000;
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
                                                                                                                                                                                                                                                                                                                                                                                                                X-Proxy-Cache-Status: MISS
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=90
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:07 UTC646INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 61 64 64 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 61 64 64 6f 6e 20 69 64 3d 22 67 6d 70 2d 67 6d 70 6f 70 65 6e 68 32 36 34 22 20 55 52 4c 3d 22 68 74 74 70 3a 2f 2f 63 69 73 63 6f 62 69 6e 61 72 79 2e 6f 70 65 6e 68 32 36 34 2e 6f 72 67 2f 6f 70 65 6e 68 32 36 34 2d 77 69 6e 36 34 2d 33 31 63 34 64 32 65 34 61 30 33 37 35 32 36 66 64 33 30 64 34 65 35 63 33 39 66 36 30 38 38 35 39 38 36 63 66 38 36 35 2e 7a 69 70 22 20 68 61 73 68 46 75 6e 63 74 69 6f 6e 3d 22 73 68 61 35 31 32 22 20 68 61 73 68 56 61 6c 75 65 3d 22 62 36 36 37 30 38 36 65 64 34 39 35 37 39 35 39 32 64 34 33 35 64 66 32 62 34 38 36 66 65 33 30 62 61 31 62 36 32 64 64 64 31 36
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0"?><updates> <addons> <addon id="gmp-gmpopenh264" URL="http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip" hashFunction="sha512" hashValue="b667086ed49579592d435df2b486fe30ba1b62ddd16
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:07 UTC69INData Raw: 34 37 64 22 20 73 69 7a 65 3d 22 31 34 34 38 35 38 36 32 22 20 76 65 72 73 69 6f 6e 3d 22 34 2e 31 30 2e 32 37 31 30 2e 30 22 2f 3e 0a 20 20 20 20 3c 2f 61 64 64 6f 6e 73 3e 0a 3c 2f 75 70 64 61 74 65 73 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 47d" size="14485862" version="4.10.2710.0"/> </addons></updates>


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                32192.168.2.74983834.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:00 UTC406OUTGET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1731615130278&_since=%221692730580117%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 8505
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:39:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2411
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 00:00:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 47 66 78 22 2c 22 64 65 66 61 75 6c 74 22 3a 7b 22 6f 73 22 3a 22 22 2c 22 76 65 6e 64 6f 72 22 3a 22 22 2c 22 64 65 76 69 63 65 73 22 3a 5b 5d 2c 22 66 65 61 74 75 72 65 22 3a 22 22 2c 22 68 61 72 64 77 61 72 65 22 3a 22 22 2c 22 64 72 69 76 65 72 56 65 6e 64 6f 72 22 3a 22 22 2c 22 64 72 69 76 65 72 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 66 65 61 74 75 72 65 53 74 61 74 75 73 22 3a 22 22 2c 22 77 69 6e 64 6f 77 50 72 6f 74 6f 63 6f 6c 22 3a 22 22 2c 22 64 72 69 76 65 72 56 65 72 73 69 6f 6e 4d 61 78 22 3a 22 22 2c 22 64 65 73 6b 74 6f 70 45
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"type":"object","title":"Gfx","default":{"os":"","vendor":"","devices":[],"feature":"","hardware":"","driverVendor":"","driverVersion":"","featureStatus":"","windowProtocol":"","driverVersionMax":"","desktopE
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC1390INData Raw: 3a 22 41 20 76 65 6e 64 6f 72 20 69 64 65 6e 74 69 66 69 65 72 2c 20 65 67 2e 20 30 78 31 30 30 32 22 7d 2c 22 62 6c 6f 63 6b 49 44 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 49 6e 74 65 72 6e 61 6c 20 62 6c 6f 63 6b 6c 69 73 74 20 69 64 22 2c 22 70 61 74 74 65 72 6e 22 3a 22 5e 67 5b 30 2d 39 5d 2b 24 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4f 72 69 67 69 6e 61 6c 20 62 6c 6f 63 6b 20 69 64 2c 20 65 67 2e 20 67 32 38 22 7d 2c 22 64 65 74 61 69 6c 73 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 44 65 74 61 69 6c 73 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 6e 61 6d 65 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 62 75 67 22 3a 7b 22 74 79 70 65 22 3a 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :"A vendor identifier, eg. 0x1002"},"blockID":{"type":"string","title":"Internal blocklist id","pattern":"^g[0-9]+$","description":"Original block id, eg. g28"},"details":{"type":"object","title":"Details","required":["name"],"properties":{"bug":{"type":"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC1390INData Raw: 4f 56 45 52 4c 41 59 22 2c 22 56 50 38 5f 48 57 5f 44 45 43 4f 44 45 22 2c 22 56 50 39 5f 48 57 5f 44 45 43 4f 44 45 22 2c 22 57 45 42 47 4c 32 22 2c 22 57 45 42 47 4c 5f 4f 50 45 4e 47 4c 22 2c 22 57 45 42 47 4c 5f 41 4e 47 4c 45 22 2c 22 57 45 42 47 4c 5f 4d 53 41 41 22 2c 22 57 45 42 47 4c 5f 55 53 45 5f 48 41 52 44 57 41 52 45 22 2c 22 57 45 42 47 50 55 22 2c 22 57 45 42 52 45 4e 44 45 52 22 2c 22 57 45 42 52 45 4e 44 45 52 5f 43 4f 4d 50 4f 53 49 54 4f 52 22 2c 22 57 45 42 52 45 4e 44 45 52 5f 4f 50 54 49 4d 49 5a 45 44 5f 53 48 41 44 45 52 53 22 2c 22 57 45 42 52 45 4e 44 45 52 5f 50 41 52 54 49 41 4c 5f 50 52 45 53 45 4e 54 22 2c 22 57 45 42 52 45 4e 44 45 52 5f 53 43 49 53 53 4f 52 45 44 5f 43 41 43 48 45 5f 43 4c 45 41 52 53 22 2c 22 57 45 42 52
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: OVERLAY","VP8_HW_DECODE","VP9_HW_DECODE","WEBGL2","WEBGL_OPENGL","WEBGL_ANGLE","WEBGL_MSAA","WEBGL_USE_HARDWARE","WEBGPU","WEBRENDER","WEBRENDER_COMPOSITOR","WEBRENDER_OPTIMIZED_SHADERS","WEBRENDER_PARTIAL_PRESENT","WEBRENDER_SCISSORED_CACHE_CLEARS","WEBR
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC1390INData Raw: 20 28 46 69 72 65 66 6f 78 20 38 33 29 22 2c 22 56 49 44 45 4f 5f 4f 56 45 52 4c 41 59 20 28 46 69 72 65 66 6f 78 20 31 30 30 29 22 2c 22 56 49 44 45 4f 5f 53 4f 46 54 57 41 52 45 5f 4f 56 45 52 4c 41 59 20 28 46 69 72 65 66 6f 78 20 31 33 32 29 22 2c 22 56 50 38 5f 48 57 5f 44 45 43 4f 44 45 20 28 46 69 72 65 66 6f 78 20 31 30 30 29 22 2c 22 56 50 39 5f 48 57 5f 44 45 43 4f 44 45 20 28 46 69 72 65 66 6f 78 20 31 30 30 29 22 2c 22 57 45 42 47 4c 32 20 28 46 69 72 65 66 6f 78 20 35 34 29 22 2c 22 57 45 42 47 4c 5f 4f 50 45 4e 47 4c 20 28 41 6c 77 61 79 73 29 22 2c 22 57 45 42 47 4c 5f 41 4e 47 4c 45 20 28 41 6c 77 61 79 73 29 22 2c 22 57 45 42 47 4c 5f 4d 53 41 41 20 28 41 6c 77 61 79 73 29 22 2c 22 57 45 42 47 4c 5f 55 53 45 5f 48 41 52 44 57 41 52 45 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: (Firefox 83)","VIDEO_OVERLAY (Firefox 100)","VIDEO_SOFTWARE_OVERLAY (Firefox 132)","VP8_HW_DECODE (Firefox 100)","VP9_HW_DECODE (Firefox 100)","WEBGL2 (Firefox 54)","WEBGL_OPENGL (Always)","WEBGL_ANGLE (Always)","WEBGL_MSAA (Always)","WEBGL_USE_HARDWARE
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC1390INData Raw: 65 22 2c 22 64 65 66 61 75 6c 74 22 3a 7b 22 6d 61 78 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 6d 69 6e 56 65 72 73 69 6f 6e 22 3a 22 22 7d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 6d 61 78 56 65 72 73 69 6f 6e 22 3a 7b 22 24 72 65 66 22 3a 22 23 2f 64 65 66 69 6e 69 74 69 6f 6e 73 2f 6d 61 78 56 65 72 73 69 6f 6e 22 7d 2c 22 6d 69 6e 56 65 72 73 69 6f 6e 22 3a 7b 22 24 72 65 66 22 3a 22 23 2f 64 65 66 69 6e 69 74 69 6f 6e 73 2f 6d 69 6e 56 65 72 73 69 6f 6e 22 7d 7d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 56 65 72 73 69 6f 6e 20 72 61 6e 67 65 22 2c 22 61 64 64 69 74 69 6f 6e 61 6c 50 72 6f 70 65 72 74 69 65 73 22 3a 66 61 6c 73 65 7d 2c 22 64 72 69 76 65 72 56 65 72 73 69 6f 6e 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e","default":{"maxVersion":"","minVersion":""},"properties":{"maxVersion":{"$ref":"#/definitions/maxVersion"},"minVersion":{"$ref":"#/definitions/minVersion"}},"description":"Version range","additionalProperties":false},"driverVersion":{"type":"string","t
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC1390INData Raw: 72 69 76 65 72 20 76 65 72 73 69 6f 6e 20 63 6f 6d 70 61 72 61 74 6f 72 22 7d 7d 2c 22 64 65 66 69 6e 69 74 69 6f 6e 73 22 3a 7b 22 6d 61 78 56 65 72 73 69 6f 6e 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4d 61 78 20 76 65 72 73 69 6f 6e 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6d 61 78 69 6d 75 6d 20 76 65 72 73 69 6f 6e 2e 22 7d 2c 22 6d 69 6e 56 65 72 73 69 6f 6e 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4d 69 6e 20 76 65 72 73 69 6f 6e 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6d 69 6e 69 6e 75 6d 20 76 65 72 73 69 6f 6e 2e 22 7d 7d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 41 20 67 72 61 70 68 69 63 20 64 72 69 76 65 72
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: river version comparator"}},"definitions":{"maxVersion":{"type":"string","title":"Max version","description":"The maximum version."},"minVersion":{"type":"string","title":"Min version","description":"The mininum version."}},"description":"A graphic driver
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC722INData Raw: 61 74 75 72 65 53 74 61 74 75 73 22 3a 22 42 4c 4f 43 4b 45 44 5f 44 45 56 49 43 45 22 2c 22 77 69 6e 64 6f 77 50 72 6f 74 6f 63 6f 6c 22 3a 22 22 2c 22 64 72 69 76 65 72 56 65 72 73 69 6f 6e 4d 61 78 22 3a 22 22 2c 22 64 65 73 6b 74 6f 70 45 6e 76 69 72 6f 6e 6d 65 6e 74 22 3a 22 22 2c 22 64 72 69 76 65 72 56 65 72 73 69 6f 6e 43 6f 6d 70 61 72 61 74 6f 72 22 3a 22 22 2c 22 69 64 22 3a 22 39 37 31 37 65 37 36 37 2d 35 64 32 64 2d 34 39 65 31 2d 62 30 64 31 2d 36 30 35 63 34 66 66 39 39 66 32 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 36 31 35 31 33 30 32 37 38 7d 2c 7b 22 6f 73 22 3a 22 4c 69 6e 75 78 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 38 32 39 31 38 37 37 35 31 39 2c 22 76 65 6e 64 6f 72 22 3a 22 30 78 31 30 30 32 22 2c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: atureStatus":"BLOCKED_DEVICE","windowProtocol":"","driverVersionMax":"","desktopEnvironment":"","driverVersionComparator":"","id":"9717e767-5d2d-49e1-b0d1-605c4ff99f23","last_modified":1731615130278},{"os":"Linux","schema":1728291877519,"vendor":"0x1002",


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                33192.168.2.74983934.98.75.364437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:05 UTC298OUTGET /api/v1/classify_client/ HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: classify-client.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC283INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 64
                                                                                                                                                                                                                                                                                                                                                                                                                cache-control: max-age=0, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC64INData Raw: 7b 22 72 65 71 75 65 73 74 5f 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 30 37 54 31 35 3a 32 30 3a 30 38 2e 31 37 36 36 35 34 30 32 32 5a 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"request_time":"2024-12-07T15:20:08.176654022Z","country":"US"}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                34192.168.2.74984135.244.181.2014437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:05 UTC437OUTGET /update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: aus5.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC438INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 42
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-ID: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-Data-Version: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000;
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
                                                                                                                                                                                                                                                                                                                                                                                                                X-Proxy-Cache-Status: MISS
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=90
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC42INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 3c 2f 75 70 64 61 74 65 73 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0"?><updates></updates>


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                35192.168.2.74984235.244.181.2014437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:05 UTC428OUTGET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: aus5.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC744INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 715
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-ID: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                Rule-Data-Version: unknown
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2025-01-22-11-21-23.chain; p384ecdsa=pRA9Eb1-2EBe6JmcET4Z5jVyLKasDhArjSMP_ppbpwEV-Zn_-cWq7LAex0LJBqPcH1dagNwCn2R8jYzA-HJ3WVMeXDX-d7wuBBtcRIlWXyLovv4WuoFyD-mg4qZVPrRH
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000;
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'
                                                                                                                                                                                                                                                                                                                                                                                                                X-Proxy-Cache-Status: MISS
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=90
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC646INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 61 64 64 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 61 64 64 6f 6e 20 69 64 3d 22 67 6d 70 2d 67 6d 70 6f 70 65 6e 68 32 36 34 22 20 55 52 4c 3d 22 68 74 74 70 3a 2f 2f 63 69 73 63 6f 62 69 6e 61 72 79 2e 6f 70 65 6e 68 32 36 34 2e 6f 72 67 2f 6f 70 65 6e 68 32 36 34 2d 77 69 6e 36 34 2d 33 31 63 34 64 32 65 34 61 30 33 37 35 32 36 66 64 33 30 64 34 65 35 63 33 39 66 36 30 38 38 35 39 38 36 63 66 38 36 35 2e 7a 69 70 22 20 68 61 73 68 46 75 6e 63 74 69 6f 6e 3d 22 73 68 61 35 31 32 22 20 68 61 73 68 56 61 6c 75 65 3d 22 62 36 36 37 30 38 36 65 64 34 39 35 37 39 35 39 32 64 34 33 35 64 66 32 62 34 38 36 66 65 33 30 62 61 31 62 36 32 64 64 64 31 36
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0"?><updates> <addons> <addon id="gmp-gmpopenh264" URL="http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip" hashFunction="sha512" hashValue="b667086ed49579592d435df2b486fe30ba1b62ddd16
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:08 UTC69INData Raw: 34 37 64 22 20 73 69 7a 65 3d 22 31 34 34 38 35 38 36 32 22 20 76 65 72 73 69 6f 6e 3d 22 34 2e 31 30 2e 32 37 31 30 2e 30 22 2f 3e 0a 20 20 20 20 3c 2f 61 64 64 6f 6e 73 3e 0a 3c 2f 75 70 64 61 74 65 73 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 47d" size="14485862" version="4.10.2710.0"/> </addons></updates>


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                36192.168.2.74984834.160.144.1914437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC334OUTGET /chains/202402/aus.content-signature.mozilla.org-2025-01-22-11-21-23.chain HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: content-signature-2.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC537INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Id-2: C6W+8ruidLnuUR9BanEl6IszrSo7X4DK3FNooKmZXTuWSjPdRmSbKMirc0ddp42PD8kp7TgzddY=
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Request-Id: AYDXMRCCT73791FK
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Server-Side-Encryption: AES256
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 5319
                                                                                                                                                                                                                                                                                                                                                                                                                Server: AmazonS3
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:24:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3367
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 03 Dec 2024 11:21:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "a2fc6cc1bd92f205c9ecbcb8bd008bb5"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: binary/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC853INData Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 43 37 44 43 43 41 6e 47 67 41 77 49 42 41 67 49 49 47 41 32 6d 32 53 30 51 4d 41 45 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -----BEGIN CERTIFICATE-----MIIC7DCCAnGgAwIBAgIIGA2m2S0QMAEwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC1390INData Raw: 6e 51 74 63 32 6c 6e 62 6d 46 30 64 58 4a 6c 4c 6d 31 76 0a 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 41 6f 47 43 43 71 47 53 4d 34 39 42 41 4d 44 41 32 6b 41 4d 47 59 43 4d 51 43 32 77 31 31 2f 75 6f 79 62 4e 43 66 46 74 55 71 74 4f 36 6e 6c 67 61 37 32 0a 77 2f 79 56 39 61 72 2b 65 42 58 35 52 61 78 72 34 79 36 6d 56 48 6a 79 4d 56 4c 4a 55 48 6b 58 49 38 4d 59 70 79 67 43 4d 51 43 39 62 44 4d 62 36 58 38 46 75 67 34 73 54 46 34 45 42 4d 37 36 0a 69 71 6b 51 4d 6d 51 65 48 78 79 51 4f 32 32 6b 4e 39 50 52 77 41 65 58 46 63 69 69 2b 6f 68 31 41 79 62 6a 34 6e 74 63 69 44 51 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 46 67 54
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: nQtc2lnbmF0dXJlLm1vemlsbGEub3JnMAoGCCqGSM49BAMDA2kAMGYCMQC2w11/uoybNCfFtUqtO6nlga72w/yV9ar+eBX5Raxr4y6mVHjyMVLJUHkXI8MYpygCMQC9bDMb6X8Fug4sTF4EBM76iqkQMmQeHxyQO22kN9PRwAeXFcii+oh1Aybj4ntciDQ=-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIFgT
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC1390INData Raw: 59 53 35 76 63 6d 63 77 48 34 49 64 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 0a 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 4d 42 51 41 44 67 67 49 42 41 41 32 79 39 46 4d 73 42 47 30 66 6b 72 30 6f 0a 6b 6e 50 68 64 4e 48 4d 64 57 4f 50 75 6b 6e 75 48 6f 43 68 74 61 32 33 75 57 6b 50 6e 74 41 6b 51 7a 4d 71 36 73 72 49 6f 56 4c 57 6d 4e 54 73 75 6e 4c 4c 32 30 67 75 4f 54 31 41 6d 6a 42 39 0a 77 75 34 43 4d 52 31 37 32 52 32 41 37 6a 42 48 6e 69 76 42 6f 6a 4e 77 2f 6e 46 78 65 69 4e 31 65 4c 38 64 68 6b 79 48 6e 6b 48 5a 4d 75 76 6a 55 50 74 74 63 62 51 79 69 34 39 74 63 58 2b 63 0a 4c 42 41 4b 66 55 77 77 49 57 53 2b 7a 4d 4e 2b 31 78 6d 59 4a 57 32 39 52 73 39 44 64 38 50
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: YS5vcmcwH4IdY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwDQYJKoZIhvcNAQEMBQADggIBAA2y9FMsBG0fkr0oknPhdNHMdWOPuknuHoChta23uWkPntAkQzMq6srIoVLWmNTsunLL20guOT1AmjB9wu4CMR172R2A7jBHnivBojNw/nFxeiN1eL8dhkyHnkHZMuvjUPttcbQyi49tcX+cLBAKfUwwIWS+zMN+1xmYJW29Rs9Dd8P
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC1390INData Raw: 51 46 6f 62 6d 53 64 7a 41 77 43 54 6e 39 77 64 55 62 4f 6b 4b 0a 4b 78 36 35 66 4b 71 70 54 62 54 78 71 6e 71 5a 36 54 53 58 43 36 4f 79 62 45 71 71 68 4e 7a 56 4a 75 39 6a 49 4b 69 42 30 59 45 30 62 4b 6c 4c 50 75 79 79 44 78 6e 75 39 75 74 6c 50 6a 66 30 0a 39 43 7a 32 46 53 33 75 4b 32 64 6b 51 78 36 47 6d 59 57 47 4f 32 76 66 75 50 5a 68 7a 69 50 34 4e 6d 42 51 66 76 63 6d 59 78 50 6c 33 61 5a 55 39 70 41 59 41 4f 44 2f 48 57 2b 34 75 79 4e 4c 0a 53 49 75 47 39 41 64 44 65 73 76 54 49 53 2f 67 6b 57 53 63 73 58 52 58 74 73 41 63 70 43 56 39 65 43 37 49 58 69 72 44 4e 57 73 78 34 32 54 75 65 6b 69 6a 61 31 76 46 51 43 55 79 35 4b 55 63 0a 51 70 72 49 6b 36 39 50 48 35 7a 38 67 79 70 6d 6e 6d 64 41 62 62 4c 6f 49 6e 48 59 71 58 47 61 56 36 34 69 42 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: QFobmSdzAwCTn9wdUbOkKKx65fKqpTbTxqnqZ6TSXC6OybEqqhNzVJu9jIKiB0YE0bKlLPuyyDxnu9utlPjf09Cz2FS3uK2dkQx6GmYWGO2vfuPZhziP4NmBQfvcmYxPl3aZU9pAYAOD/HW+4uyNLSIuG9AdDesvTIS/gkWScsXRXtsAcpCV9eC7IXirDNWsx42Tuekija1vFQCUy5KUcQprIk69PH5z8gypmnmdAbbLoInHYqXGaV64iBp
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC296INData Raw: 57 64 32 64 75 34 64 4c 43 73 2b 57 57 32 45 36 2b 52 37 6a 5a 74 72 73 49 71 46 44 36 71 77 43 4c 71 63 67 42 67 43 39 43 4d 39 55 67 48 65 55 42 4f 69 78 6d 5a 4c 42 4b 43 4e 44 45 0a 4e 31 73 52 6b 6d 63 56 77 58 63 43 6c 35 62 74 64 67 56 56 71 37 34 4d 67 73 64 33 38 78 73 6d 59 75 46 6f 4d 69 36 6e 62 44 4c 6c 6c 6d 36 54 32 71 6c 38 4c 5a 45 78 79 58 32 69 2f 76 6f 30 0a 70 78 68 45 56 52 61 46 77 6a 31 4a 31 72 33 54 52 4e 58 6b 73 6a 64 71 46 63 67 70 4e 43 4d 66 32 46 52 62 6a 44 47 74 56 4c 58 52 56 47 30 44 43 43 47 52 61 79 69 67 4b 67 64 48 37 38 71 4d 0a 48 70 64 58 72 62 61 54 44 46 73 66 4d 4c 54 41 4d 6e 47 46 6e 71 4f 5a 4d 75 4d 6f 62 4e 4a 53 35 4d 36 2f 76 71 64 65 70 6f 43 38 4c 37 78 6d 49 35 64 51 67 57 38 59 47 79 79 6d 72 38 44
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Wd2du4dLCs+WW2E6+R7jZtrsIqFD6qwCLqcgBgC9CM9UgHeUBOixmZLBKCNDEN1sRkmcVwXcCl5btdgVVq74Mgsd38xsmYuFoMi6nbDLllm6T2ql8LZExyX2i/vo0pxhEVRaFwj1J1r3TRNXksjdqFcgpNCMf2FRbjDGtVLXRVG0DCCGRayigKgdH78qMHpdXrbaTDFsfMLTAMnGFnqOZMuMobNJS5M6/vqdepoC8L7xmI5dQgW8YGyymr8D


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                37192.168.2.74984934.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC620OUTPOST /submit/firefox-desktop/baseline/1/58b46d46-b146-420f-81af-5b32c19a8aef HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 451
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC451OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 92 dd 6e a3 30 10 85 df c5 b7 8d 91 4d 20 01 5e 63 bb da 4b cb 3f 03 b5 6a 4c d6 36 c9 46 51 de 7d c7 a6 4d 7a 51 a9 12 42 c3 f8 70 e6 9b f1 dc c8 c9 fa 49 58 3f 2e 64 b8 91 08 7f c9 c0 77 24 26 19 92 48 76 06 32 90 9a d5 7b ca 19 65 ed 2b eb 86 86 bf 30 3e 30 46 76 04 bc f9 51 13 40 c6 c5 a3 42 ea 64 cf 40 ee 3b a2 9d 05 9f 1e 35 13 38 98 21 85 ab 88 e6 5d a8 d5 3a 83 f2 76 5f d5 55 36 28 09 61 64 ca 65 78 7f c4 1a 1c 9f 57 c6 86 f2 bc 94 37 0a 47 1b 62 12 61 f5 9f e2 27 d3 83 46 9e 4e c2 d8 78 72 f2 2a ce 10 a2 2d 68 9c 77 15 ab 78 3e 0f fa cd 26 d0 69 0d d9 e1 5f 77 10 87 e6 e3 bf 4f b2 6c cb fa fa 58 ef eb b6 ee 3e 0e f5 9b f4 1e 1c 1e 07 6c 47 46 c0 bc 5b b4 74 d9 06 3c fd fd 0b 13 4b fc 5a 94 95 f6 96 88 f1 1f eb cd
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: n0M ^cK?jL6FQ}MzQBpIX?.dw$&Hv2{e+0>0FvQ@Bd@;58!]:v_U6(adexW7Gba'FNxr*-hwx>&i_wOlX>lGF[t<KZ
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                38192.168.2.74985134.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC376OUTGET /v1/buckets/monitor/collections/changes/changeset?collection=normandy-recipes-capabilities&bucket=main&_expected=0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC556INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 255
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:56:45 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 1405
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 14:47:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC255INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 75 63 6b 65 74 22 3a 22 6d 6f 6e 69 74 6f 72 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 33 33 35 38 32 38 33 31 37 34 30 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 69 64 22 3a 22 65 39 66 37 36 61 30 39 2d 31 63 33 31 2d 37 64 63 65 2d 37 63 34 30 2d 38 61 62 66 62 63 66 62 32 34 34 64 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 35 32 39 36 36 34 36 31 30 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6e 6f 72 6d 61 6e 64 79 2d 72 65 63 69 70 65 73 2d 63 61 70 61 62 69 6c 69 74 69 65 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 5d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"bucket":"monitor"},"timestamp":1733582831740,"changes":[{"id":"e9f76a09-1c31-7dce-7c40-8abfbcfb244d","last_modified":1733529664610,"bucket":"main","collection":"normandy-recipes-capabilities","host":"firefox.settings.services.mozilla.com"}]}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                39192.168.2.74985234.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC422OUTGET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1732624571832&_since=%221694457382323%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 14465
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:21:21 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3529
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Wed, 04 Dec 2024 00:00:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 54 68 65 20 61 74 74 61 63 68 6d 65 6e 74 20 69 74 73 65 6c 66 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 68 61 73 68 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 48 61 73 68 22 7d 2c 22 73 69 7a 65 22 3a 7b 22 74 79 70 65 22 3a 22 6e 75 6d 62 65 72 22 2c 22 74 69 74 6c 65 22 3a 22 53 69 7a 65 20 28 62 79 74 65 73 29 22 7d 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 46
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"schema":{"type":"object","properties":{"attachment":{"type":"object","title":"The attachment itself","properties":{"hash":{"type":"string","title":"Hash"},"size":{"type":"number","title":"Size (bytes)"},"filename":{"type":"string","title":"F
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 4f 52 50 76 42 44 61 66 66 58 35 59 30 59 52 58 36 77 44 71 5a 74 57 69 66 69 74 64 58 79 41 39 41 4a 47 74 51 44 30 6f 4a 56 71 4c 39 4a 4e 65 6e 6e 38 6f 73 30 57 69 62 78 4e 77 5a 57 35 5a 42 6a 62 4a 47 6d 56 69 56 2d 51 6d 46 4c 67 36 6e 73 78 31 6a 53 78 44 79 57 68 6a 50 34 47 66 6e 32 63 56 4f 58 48 4c 48 4b 46 50 52 41 44 4f 6e 4d 49 48 65 6d 38
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: s/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"ORPvBDaffX5Y0YRX6wDqZtWifitdXyA9AJGtQD0oJVqL9JNenn8os0WibxNwZW5ZBjbJGmViV-QmFLg6nsx1jSxDyWhjP4Gfn2cVOXHLHKFPRADOnMIHem8
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 2e 34 22 2c 22 7b 33 66 64 38 36 33 35 34 2d 63 37 33 66 2d 34 33 39 35 2d 39 65 32 36 2d 32 63 35 63 39 38 34 35 37 39 62 66 7d 3a 31 2e 31 2e 33 22 5d 2c 22 75 6e 62 6c 6f 63 6b 65 64 22 3a 5b 5d 7d 2c 22 73 63 68 65 6d 61 22 3a 31 37 33 31 34 33 31 32 36 34 35 34 36 2c 22 6b 65 79 5f 66 6f 72 6d 61 74 22 3a 22 7b 67 75 69 64 7d 3a 7b 76 65 72 73 69 6f 6e 7d 22 2c 22 73 74 61 73 68 5f 74 69 6d 65 22 3a 31 37 33 31 34 33 36 35 30 35 33 34 39 2c 22 69 64 22 3a 22 35 63 32 65 38 37 63 64 2d 37 30 65 32 2d 34 66 34 65 2d 62 66 37 65 2d 62 30 32 33 30 63 61 38 38 36 63 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 36 35 37 31 31 38 33 7d 2c 7b 22 73 74 61 73 68 22 3a 7b 22 62 6c 6f 63 6b 65 64 22 3a 5b 22 38 62 32 62 33 63 39 62
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: .4","{3fd86354-c73f-4395-9e26-2c5c984579bf}:1.1.3"],"unblocked":[]},"schema":1731431264546,"key_format":"{guid}:{version}","stash_time":1731436505349,"id":"5c2e87cd-70e2-4f4e-bf7e-b0230ca886c0","last_modified":1731436571183},{"stash":{"blocked":["8b2b3c9b
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 34 65 30 65 2d 39 63 34 32 2d 65 36 31 31 65 39 30 35 30 61 39 37 7d 3a 32 33 2e 31 31 2e 37 22 2c 22 7b 65 64 64 66 31 63 35 38 2d 39 34 38 64 2d 34 65 30 65 2d 39 63 34 32 2d 65 36 31 31 65 39 30 35 30 61 39 37 7d 3a 32 33 2e 31 32 2e 31 22 2c 22 7b 65 64 64 66 31 63 35 38 2d 39 34 38 64 2d 34 65 30 65 2d 39 63 34 32 2d 65 36 31 31 65 39 30 35 30 61 39 37 7d 3a 32 34 2e 32 2e 31 22 5d 2c 22 75 6e 62 6c 6f 63 6b 65 64 22 3a 5b 5d 7d 2c 22 73 63 68 65 6d 61 22 3a 31 37 33 30 37 34 35 34 32 39 33 38 30 2c 22 6b 65 79 5f 66 6f 72 6d 61 74 22 3a 22 7b 67 75 69 64 7d 3a 7b 76 65 72 73 69 6f 6e 7d 22 2c 22 73 74 61 73 68 5f 74 69 6d 65 22 3a 31 37 33 30 38 39 36 35 30 35 34 30 30 2c 22 69 64 22 3a 22 64 36 38 65 39 61 64 37 2d 30 30 66 36 2d 34 66 30 32 2d 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 4e0e-9c42-e611e9050a97}:23.11.7","{eddf1c58-948d-4e0e-9c42-e611e9050a97}:23.12.1","{eddf1c58-948d-4e0e-9c42-e611e9050a97}:24.2.1"],"unblocked":[]},"schema":1730745429380,"key_format":"{guid}:{version}","stash_time":1730896505400,"id":"d68e9ad7-00f6-4f02-a
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 62 62 39 65 31 32 38 37 2d 38 34 34 37 2d 34 36 63 36 2d 38 38 33 37 2d 38 34 32 34 65 65 65 35 36 37 37 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 37 34 35 34 32 39 32 34 37 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 63 65 31 38 32 35 31 39 2d 32 66 65 65 2d 34 37 62 66 2d 38 36 39 39 2d 39 63 61 32 36 38 31 61 63 36 33 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 37 34 35 34 32 39 32 34 35 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 32 30 38 33 62 31 64 33 2d 36 30 38 65 2d 34 37 66 32 2d 38 63 39 36 2d 66 66 36 30 37 36 35 66 30 34 39 63 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: deleted":true,"id":"bb9e1287-8447-46c6-8837-8424eee56770","last_modified":1730745429247},{"deleted":true,"id":"ce182519-2fee-47bf-8699-9ca2681ac635","last_modified":1730745429245},{"deleted":true,"id":"2083b1d3-608e-47f2-8c96-ff60765f049c","last_modified"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 64 63 61 2d 34 31 63 65 2d 34 30 38 38 2d 39 33 30 66 2d 37 30 63 66 30 34 38 66 38 37 61 63 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 37 34 35 34 32 39 32 31 36 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 63 31 61 62 30 63 63 38 2d 62 39 34 32 2d 34 31 65 63 2d 61 36 38 61 2d 39 33 65 65 35 39 37 30 31 62 64 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 37 34 35 34 32 39 32 31 34 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 39 64 62 64 34 64 33 36 2d 63 35 64 62 2d 34 37 31 39 2d 61 63 62 64 2d 35 35 31 61 64 36 30 38 65 31 31 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 37 34 35 34 32 39 32 31 32 7d 2c 7b 22 64 65 6c 65 74 65 64
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: dca-41ce-4088-930f-70cf048f87ac","last_modified":1730745429216},{"deleted":true,"id":"c1ab0cc8-b942-41ec-a68a-93ee59701bdb","last_modified":1730745429214},{"deleted":true,"id":"9dbd4d36-c5db-4719-acbd-551ad608e115","last_modified":1730745429212},{"deleted
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 66 30 62 62 63 61 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38 34 36 33 37 31 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 33 66 37 62 30 64 30 61 2d 39 31 36 64 2d 34 33 39 66 2d 61 34 63 64 2d 65 34 66 31 34 35 38 34 30 39 36 31 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38 34 36 33 36 38 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 64 63 64 30 62 36 64 37 2d 37 36 65 63 2d 34 63 39 33 2d 61 34 34 37 2d 63 39 30 66 62 37 39 61 38 33 37 36 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38 34 36 33 36 35 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 62 65 63 61 63 34 61 31 2d 34 38 62
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: f0bbca","last_modified":1724351846371},{"deleted":true,"id":"3f7b0d0a-916d-439f-a4cd-e4f145840961","last_modified":1724351846368},{"deleted":true,"id":"dcd0b6d7-76ec-4c93-a447-c90fb79a8376","last_modified":1724351846365},{"deleted":true,"id":"becac4a1-48b
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 37 32 34 33 35 31 38 34 36 33 32 38 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 65 62 31 32 39 31 66 38 2d 32 32 39 66 2d 34 39 66 66 2d 62 63 66 31 2d 64 32 33 65 62 35 31 37 34 35 61 38 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38 34 36 33 32 35 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 34 35 64 37 64 32 33 39 2d 39 66 65 36 2d 34 35 38 33 2d 39 36 35 38 2d 61 32 32 32 64 64 61 62 39 31 62 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38 34 36 33 32 32 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 39 34 62 63 30 34 63 65 2d 33 65 62 33 2d 34 34 32 33 2d 61 31 62 31 2d 35 34 31 31 63 37 32 33 30 37 63 30 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 724351846328},{"deleted":true,"id":"eb1291f8-229f-49ff-bcf1-d23eb51745a8","last_modified":1724351846325},{"deleted":true,"id":"45d7d239-9fe6-4583-9658-a222ddab91b3","last_modified":1724351846322},{"deleted":true,"id":"94bc04ce-3eb3-4423-a1b1-5411c72307c0"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 74 72 75 65 2c 22 69 64 22 3a 22 30 32 33 61 66 35 38 34 2d 31 34 30 36 2d 34 64 37 64 2d 38 38 30 35 2d 32 30 63 33 64 32 37 38 33 38 62 32 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38 34 36 32 37 39 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 66 64 34 35 65 62 66 64 2d 31 33 35 66 2d 34 38 63 38 2d 61 39 65 33 2d 64 38 62 30 39 63 38 35 35 36 30 65 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38 34 36 32 37 36 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 38 30 65 62 31 66 37 31 2d 30 61 35 38 2d 34 34 31 33 2d 39 37 39 62 2d 33 31 31 37 34 32 32 31 65 31 37 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 34 33 35 31 38
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: true,"id":"023af584-1406-4d7d-8805-20c3d27838b2","last_modified":1724351846279},{"deleted":true,"id":"fd45ebfd-135f-48c8-a9e3-d8b09c85560e","last_modified":1724351846276},{"deleted":true,"id":"80eb1f71-0a58-4413-979b-31174221e17f","last_modified":17243518
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 34 36 66 64 2d 38 37 62 33 2d 38 64 61 62 35 38 34 32 31 30 30 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 30 37 33 39 35 38 35 34 37 33 33 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 30 62 39 36 32 66 36 63 2d 38 64 32 61 2d 34 64 65 36 2d 62 38 66 65 2d 34 38 37 36 38 61 36 37 38 61 38 38 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 30 37 33 39 35 38 35 34 37 33 31 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 37 34 62 63 34 61 38 65 2d 34 61 62 34 2d 34 37 34 64 2d 62 35 34 66 2d 63 65 38 36 65 36 37 38 38 66 64 32 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 30 37 33 39 35 38 35 34 37 32 38 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 46fd-87b3-8dab5842100f","last_modified":1707395854733},{"deleted":true,"id":"0b962f6c-8d2a-4de6-b8fe-48768a678a88","last_modified":1707395854731},{"deleted":true,"id":"74bc4a8e-4ab4-474d-b54f-ce86e6788fd2","last_modified":1707395854728},{"deleted":true,"i


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                40192.168.2.74985334.160.144.1914437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:09 UTC334OUTGET /chains/202402/aus.content-signature.mozilla.org-2025-01-22-11-21-23.chain HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: content-signature-2.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC537INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Id-2: GMFLbv4ADnVlK58Qb8q95YqGhF/CuBmGrtJqm4eYOmg1STzJ97Tmglv3Qwu9QtYckTuhycx0g/o=
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Request-Id: V879YENNNXTPD0HF
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Server-Side-Encryption: AES256
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 5319
                                                                                                                                                                                                                                                                                                                                                                                                                Server: AmazonS3
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:25:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3256
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 03 Dec 2024 11:21:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "a2fc6cc1bd92f205c9ecbcb8bd008bb5"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: binary/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC853INData Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 43 37 44 43 43 41 6e 47 67 41 77 49 42 41 67 49 49 47 41 32 6d 32 53 30 51 4d 41 45 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -----BEGIN CERTIFICATE-----MIIC7DCCAnGgAwIBAgIIGA2m2S0QMAEwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 6e 51 74 63 32 6c 6e 62 6d 46 30 64 58 4a 6c 4c 6d 31 76 0a 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 41 6f 47 43 43 71 47 53 4d 34 39 42 41 4d 44 41 32 6b 41 4d 47 59 43 4d 51 43 32 77 31 31 2f 75 6f 79 62 4e 43 66 46 74 55 71 74 4f 36 6e 6c 67 61 37 32 0a 77 2f 79 56 39 61 72 2b 65 42 58 35 52 61 78 72 34 79 36 6d 56 48 6a 79 4d 56 4c 4a 55 48 6b 58 49 38 4d 59 70 79 67 43 4d 51 43 39 62 44 4d 62 36 58 38 46 75 67 34 73 54 46 34 45 42 4d 37 36 0a 69 71 6b 51 4d 6d 51 65 48 78 79 51 4f 32 32 6b 4e 39 50 52 77 41 65 58 46 63 69 69 2b 6f 68 31 41 79 62 6a 34 6e 74 63 69 44 51 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 46 67 54
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: nQtc2lnbmF0dXJlLm1vemlsbGEub3JnMAoGCCqGSM49BAMDA2kAMGYCMQC2w11/uoybNCfFtUqtO6nlga72w/yV9ar+eBX5Raxr4y6mVHjyMVLJUHkXI8MYpygCMQC9bDMb6X8Fug4sTF4EBM76iqkQMmQeHxyQO22kN9PRwAeXFcii+oh1Aybj4ntciDQ=-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIFgT
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 59 53 35 76 63 6d 63 77 48 34 49 64 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 0a 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 4d 42 51 41 44 67 67 49 42 41 41 32 79 39 46 4d 73 42 47 30 66 6b 72 30 6f 0a 6b 6e 50 68 64 4e 48 4d 64 57 4f 50 75 6b 6e 75 48 6f 43 68 74 61 32 33 75 57 6b 50 6e 74 41 6b 51 7a 4d 71 36 73 72 49 6f 56 4c 57 6d 4e 54 73 75 6e 4c 4c 32 30 67 75 4f 54 31 41 6d 6a 42 39 0a 77 75 34 43 4d 52 31 37 32 52 32 41 37 6a 42 48 6e 69 76 42 6f 6a 4e 77 2f 6e 46 78 65 69 4e 31 65 4c 38 64 68 6b 79 48 6e 6b 48 5a 4d 75 76 6a 55 50 74 74 63 62 51 79 69 34 39 74 63 58 2b 63 0a 4c 42 41 4b 66 55 77 77 49 57 53 2b 7a 4d 4e 2b 31 78 6d 59 4a 57 32 39 52 73 39 44 64 38 50
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: YS5vcmcwH4IdY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwDQYJKoZIhvcNAQEMBQADggIBAA2y9FMsBG0fkr0oknPhdNHMdWOPuknuHoChta23uWkPntAkQzMq6srIoVLWmNTsunLL20guOT1AmjB9wu4CMR172R2A7jBHnivBojNw/nFxeiN1eL8dhkyHnkHZMuvjUPttcbQyi49tcX+cLBAKfUwwIWS+zMN+1xmYJW29Rs9Dd8P
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC1390INData Raw: 51 46 6f 62 6d 53 64 7a 41 77 43 54 6e 39 77 64 55 62 4f 6b 4b 0a 4b 78 36 35 66 4b 71 70 54 62 54 78 71 6e 71 5a 36 54 53 58 43 36 4f 79 62 45 71 71 68 4e 7a 56 4a 75 39 6a 49 4b 69 42 30 59 45 30 62 4b 6c 4c 50 75 79 79 44 78 6e 75 39 75 74 6c 50 6a 66 30 0a 39 43 7a 32 46 53 33 75 4b 32 64 6b 51 78 36 47 6d 59 57 47 4f 32 76 66 75 50 5a 68 7a 69 50 34 4e 6d 42 51 66 76 63 6d 59 78 50 6c 33 61 5a 55 39 70 41 59 41 4f 44 2f 48 57 2b 34 75 79 4e 4c 0a 53 49 75 47 39 41 64 44 65 73 76 54 49 53 2f 67 6b 57 53 63 73 58 52 58 74 73 41 63 70 43 56 39 65 43 37 49 58 69 72 44 4e 57 73 78 34 32 54 75 65 6b 69 6a 61 31 76 46 51 43 55 79 35 4b 55 63 0a 51 70 72 49 6b 36 39 50 48 35 7a 38 67 79 70 6d 6e 6d 64 41 62 62 4c 6f 49 6e 48 59 71 58 47 61 56 36 34 69 42 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: QFobmSdzAwCTn9wdUbOkKKx65fKqpTbTxqnqZ6TSXC6OybEqqhNzVJu9jIKiB0YE0bKlLPuyyDxnu9utlPjf09Cz2FS3uK2dkQx6GmYWGO2vfuPZhziP4NmBQfvcmYxPl3aZU9pAYAOD/HW+4uyNLSIuG9AdDesvTIS/gkWScsXRXtsAcpCV9eC7IXirDNWsx42Tuekija1vFQCUy5KUcQprIk69PH5z8gypmnmdAbbLoInHYqXGaV64iBp
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:10 UTC296INData Raw: 57 64 32 64 75 34 64 4c 43 73 2b 57 57 32 45 36 2b 52 37 6a 5a 74 72 73 49 71 46 44 36 71 77 43 4c 71 63 67 42 67 43 39 43 4d 39 55 67 48 65 55 42 4f 69 78 6d 5a 4c 42 4b 43 4e 44 45 0a 4e 31 73 52 6b 6d 63 56 77 58 63 43 6c 35 62 74 64 67 56 56 71 37 34 4d 67 73 64 33 38 78 73 6d 59 75 46 6f 4d 69 36 6e 62 44 4c 6c 6c 6d 36 54 32 71 6c 38 4c 5a 45 78 79 58 32 69 2f 76 6f 30 0a 70 78 68 45 56 52 61 46 77 6a 31 4a 31 72 33 54 52 4e 58 6b 73 6a 64 71 46 63 67 70 4e 43 4d 66 32 46 52 62 6a 44 47 74 56 4c 58 52 56 47 30 44 43 43 47 52 61 79 69 67 4b 67 64 48 37 38 71 4d 0a 48 70 64 58 72 62 61 54 44 46 73 66 4d 4c 54 41 4d 6e 47 46 6e 71 4f 5a 4d 75 4d 6f 62 4e 4a 53 35 4d 36 2f 76 71 64 65 70 6f 43 38 4c 37 78 6d 49 35 64 51 67 57 38 59 47 79 79 6d 72 38 44
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Wd2du4dLCs+WW2E6+R7jZtrsIqFD6qwCLqcgBgC9CM9UgHeUBOixmZLBKCNDEN1sRkmcVwXcCl5btdgVVq74Mgsd38xsmYuFoMi6nbDLllm6T2ql8LZExyX2i/vo0pxhEVRaFwj1J1r3TRNXksjdqFcgpNCMf2FRbjDGtVLXRVG0DCCGRayigKgdH78qMHpdXrbaTDFsfMLTAMnGFnqOZMuMobNJS5M6/vqdepoC8L7xmI5dQgW8YGyymr8D


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                41192.168.2.74985934.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:11 UTC621OUTPOST /submit/firefox-desktop/top-sites/1/054622d9-6ed7-4f25-87fd-b3a9cd668b65 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:27 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 670
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:11 UTC670OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 53 5d 73 a2 30 14 fd 2f 99 e9 53 c5 06 88 f2 31 b3 b3 33 b5 7e e0 43 3b ba 6d 51 5f 18 84 60 a3 10 62 12 44 ed f8 df 37 81 b6 5b fb b2 33 09 0c 39 f7 9e 73 ee cd e5 1d 30 42 37 11 a1 59 09 fc 77 20 f0 1e f8 b0 03 84 8c b9 8c 24 29 30 f0 81 05 2d db 30 a1 01 7b cf d0 f5 91 79 0b 4d 1f 42 d0 01 98 a6 ff 89 b9 74 40 92 13 4c e5 97 82 c4 39 2e b0 e4 a7 48 a4 bb 68 5d 91 3c 55 e9 3d bb 6b 75 35 65 46 b8 90 11 af 68 94 c6 f2 9a f8 4b b6 26 34 2d 6b d1 26 47 b4 2a d6 98 03 df f4 20 ea 75 40 cc 58 94 bc c5 94 e2 5c 65 73 a5 16 0b ac 92 62 9e bc 11 89 13 59 71 4d 7b 74 fb 51 1f 81 36 fe d3 85 d6 82 9e e5 58 b6 d5 b3 5c 05 96 22 3a 60 2e 48 49 15 6a c2 c6 61 5e 26 71 ae 29 30 35 5e fe 34 41 ea 23 6c 3d 7d 10 a6 44 b0 3c 3e 7d 4f 36
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: S]s0/S13~C;mQ_`bD7[39s0B7Yw $)0-0{yMBt@L9.Hh]<U=ku5eFhK&4-k&G* u@X\esbYqM{tQ6X\":`.HIja^&q)05^4A#l=}D<>}O6
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                42192.168.2.74986034.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:11 UTC399OUTGET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1733529664610 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 38416
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:30:54 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2958
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 00:01:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 66 6c 61 67 73 22 3a 5b 22 73 74 61 72 74 75 70 22 5d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 33 72 64 6d 35 76 37 65 6b 77 6f 62 72 37 62 76 38 79 63 6e 32 32 63 7a 69 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"flags":["startup"],"signature":{"ref":"3rdm5v7ekwobr7bv8ycn22czi","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturep
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 63 74 69 6f 6e 22 3a 22 6d 75 6c 74 69 2d 70 72 65 66 65 72 65 6e 63 65 2d 65 78 70 65 72 69 6d 65 6e 74 22 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 7b 22 73 6c 75 67 22 3a 22 62 75 67 2d 31 38 32 38 31 38 30 2d 70 72 65 66 2d 64 69 73 61 62 6c 65 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 74 61 73 6b 2d 6f 6e 2d 6d 61 63 6f 73 2d 72 65 6c 65 61 73 65 2d 31 31 32 2d 31 31 32 22 2c 22 62 72 61 6e 63 68 65 73 22 3a 5b 7b 22 73 6c 75 67 22 3a 22 64 69 73 61 62 6c 65 64 22 2c 22 72 61 74 69 6f 22 3a 31 30 30 2c 22 70 72 65 66 65 72 65 6e 63 65 73 22 3a 7b 22 64 6f 6d 2e 71 75 6f 74 61 4d 61 6e 61 67 65 72 2e 62 61 63 6b 67 72 6f 75 6e 64 54 61 73 6b 2e 65 6e 61 62 6c 65 64 22 3a 7b 22 70 72 65 66 65 72 65 6e 63 65 54 79 70 65 22 3a 22 62 6f 6f 6c 65 61 6e 22 2c 22 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ction":"multi-preference-experiment","arguments":{"slug":"bug-1828180-pref-disable-background-task-on-macos-release-112-112","branches":[{"slug":"disabled","ratio":100,"preferences":{"dom.quotaManager.backgroundTask.enabled":{"preferenceType":"boolean","p
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 74 61 6d 70 22 3a 22 32 30 32 34 2d 31 32 2d 30 37 54 30 30 3a 30 31 3a 30 33 2e 35 38 30 30 33 34 5a 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 22 7d 2c 22 69 64 22 3a 22 31 33 31 36 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 35 32 39 36 36 34 36 31 30 7d 2c 7b 22 72 65 63 69 70 65 22 3a 7b 22 69 64 22 3a 31 32 34 36 2c 22 6e 61 6d 65 22 3a 22 46 69 78 20 77 65 62 63 6f 6d 70 61 74 20 73 68 69 6d 20 62 72 65 61 6b 61 67 65 22 2c 22 61 63 74 69 6f 6e 22 3a 22 70 72 65 66 65 72 65 6e 63 65 2d 72 6f 6c 6c 6f 75 74 22 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 7b 22 73 6c 75 67 22 3a 22 62 75 67 2d 31 38 30 32 32 38 36 2d 72 6f 6c 6c 6f 75 74 2d 66 69 78 2d 77 65 62 63 6f 6d 70 61 74 2d 73 68 69 6d 2d 62 72 65 61 6b 61 67 65 2d 72 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: tamp":"2024-12-07T00:01:03.580034Z","public_key":""},"id":"1316","last_modified":1733529664610},{"recipe":{"id":1246,"name":"Fix webcompat shim breakage","action":"preference-rollout","arguments":{"slug":"bug-1802286-rollout-fix-webcompat-shim-breakage-re
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 6e 74 73 22 3a 7b 22 73 6c 75 67 22 3a 22 62 75 67 2d 31 37 35 38 39 38 38 2d 72 6f 6c 6c 6f 75 74 2d 64 6f 68 2d 65 6e 61 62 6c 6d 65 6e 74 2d 74 6f 2d 6e 65 77 2d 63 6f 75 6e 74 72 69 65 73 2d 73 74 61 67 67 65 72 65 64 2d 73 74 2d 72 65 6c 65 61 73 65 2d 39 38 2d 31 30 30 22 2c 22 70 72 65 66 65 72 65 6e 63 65 73 22 3a 5b 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 70 72 65 66 65 72 65 6e 63 65 4e 61 6d 65 22 3a 22 64 6f 68 2d 72 6f 6c 6c 6f 75 74 2e 72 75 2e 65 6e 61 62 6c 65 64 22 7d 5d 7d 2c 22 72 65 76 69 73 69 6f 6e 5f 69 64 22 3a 22 33 38 32 32 22 2c 22 63 61 70 61 62 69 6c 69 74 69 65 73 22 3a 5b 22 61 63 74 69 6f 6e 2e 70 72 65 66 65 72 65 6e 63 65 2d 72 6f 6c 6c 6f 75 74 22 2c 22 63 61 70 61 62 69 6c 69 74 69 65 73 2d 76 31 22 2c 22 6a 65 78
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: nts":{"slug":"bug-1758988-rollout-doh-enablment-to-new-countries-staggered-st-release-98-100","preferences":[{"value":true,"preferenceName":"doh-rollout.ru.enabled"}]},"revision_id":"3822","capabilities":["action.preference-rollout","capabilities-v1","jex
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 67 6e 61 74 75 72 65 22 3a 22 47 61 32 73 2d 5f 77 75 42 47 47 76 6c 42 6c 51 64 31 6d 47 31 2d 54 72 67 77 31 4b 76 79 48 44 78 43 54 6b 4c 58 62 4f 33 37 75 49 76 4a 6e 55 4d 49 4e 62 55 78 61 62 74 6a 66 4b 44 43 73 43 68 4b 61 70 69 74 54 42 56 36 71 73 57 79 39 5f 79 75 4b 48 50 38 4e 32 61 44 75 43 46 51 68 6e 67 6d 4d 6b 73 52 71 42 50 71 6a 34 5a 4c 4c 30 73 78 4f 34 32 62 46 4e 78 62 5f 33 46 35 43 51 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 34 2d 31 32 2d 30 37 54 30 30 3a 30 31 3a 30 34 2e 32 38 31 33 34 35 5a 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 22 7d 2c 22 69 64 22 3a 22 31 32 30 38 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 35 32 39 36 36 34 36 30 35 7d 2c 7b 22 72 65 63 69 70 65 22 3a 7b 22 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: gnature":"Ga2s-_wuBGGvlBlQd1mG1-Trgw1KvyHDxCTkLXbO37uIvJnUMINbUxabtjfKDCsChKapitTBV6qsWy9_yuKHP8N2aDuCFQhngmMksRqBPqj4ZLL0sxO42bFNxb_3F5CQ","timestamp":"2024-12-07T00:01:04.281345Z","public_key":""},"id":"1208","last_modified":1733529664605},{"recipe":{"i
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 6f 64 69 66 69 65 64 22 3a 31 37 33 33 35 32 39 36 36 34 36 30 32 7d 2c 7b 22 72 65 63 69 70 65 22 3a 7b 22 69 64 22 3a 31 33 34 35 2c 22 6e 61 6d 65 22 3a 22 50 61 67 65 20 6c 6f 61 64 20 74 69 6d 65 20 70 61 74 63 68 22 2c 22 61 63 74 69 6f 6e 22 3a 22 6d 75 6c 74 69 2d 70 72 65 66 65 72 65 6e 63 65 2d 65 78 70 65 72 69 6d 65 6e 74 22 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 7b 22 73 6c 75 67 22 3a 22 62 75 67 2d 31 38 34 38 37 34 38 2d 70 72 65 66 2d 70 61 67 65 2d 6c 6f 61 64 2d 74 69 6d 65 2d 70 61 74 63 68 2d 72 65 6c 65 61 73 65 2d 31 31 36 2d 31 31 37 22 2c 22 62 72 61 6e 63 68 65 73 22 3a 5b 7b 22 73 6c 75 67 22 3a 22 72 65 73 65 74 2d 74 6f 2d 66 61 6c 73 65 22 2c 22 72 61 74 69 6f 22 3a 31 30 30 2c 22 70 72 65 66 65 72 65 6e 63 65 73 22 3a 7b 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: odified":1733529664602},{"recipe":{"id":1345,"name":"Page load time patch","action":"multi-preference-experiment","arguments":{"slug":"bug-1848748-pref-page-load-time-patch-release-116-117","branches":[{"slug":"reset-to-false","ratio":100,"preferences":{"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 31 4f 79 62 69 52 51 53 70 39 65 36 44 30 73 6d 51 47 71 5a 4d 78 57 58 52 79 44 57 36 44 33 57 61 73 55 38 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 34 2d 31 32 2d 30 36 54 30 30 3a 30 31 3a 30 33 2e 34 38 36 31 36 37 5a 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 22 7d 2c 22 69 64 22 3a 22 31 33 34 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 34 34 33 32 36 34 30 32 39 7d 2c 7b 22 72 65 63 69 70 65 22 3a 7b 22 69 64 22 3a 31 33 34 33 2c 22 6e 61 6d 65 22 3a 22 50 61 67 65 20 6c 6f 61 64 20 74 69 6d 65 20 70 61 74 63 68 20 62 65 74 61 22 2c 22 61 63 74 69 6f 6e 22 3a 22 6d 75 6c 74 69 2d 70 72 65 66 65 72 65 6e 63 65 2d 65 78 70 65 72 69 6d 65 6e 74 22 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 7b 22 73 6c 75 67 22 3a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1OybiRQSp9e6D0smQGqZMxWXRyDW6D3WasU8","timestamp":"2024-12-06T00:01:03.486167Z","public_key":""},"id":"1345","last_modified":1733443264029},{"recipe":{"id":1343,"name":"Page load time patch beta","action":"multi-preference-experiment","arguments":{"slug":
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 75 73 74 3d 32 30 31 37 2d 30 36 2d 31 33 2d 32 31 2d 30 36 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 42 31 39 43 72 5f 65 52 69 70 67 61 78 51 67 7a 6c 69 34 48 31 54 46 4c 6f 45 5a 6d 57 6b 64 72 52 5a 44 79 51 56 30 61 77 39 36 6f 4c 76 31 4d 66 4b 52 43 30 38 4b 66 6f 6d 66 31 6a 59 45 45 66 6c 70 34 4d 77 4e 45 38 6a 53 63 4d 59 33 44 5a 45 42 53 4d 74 4e 6c 6a 74 4b 59 36 79 55 6e 79 41 73 70 31 46 54 4f 63 42 44 4e 31 77 48 55 70 59 67 34 36 58 70 6e 6d 69 4a 79 78 37 31 2d 22 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 34 2d 31 32 2d 30 36 54 30 30 3a 30 31 3a 30 33 2e 37 32 31 35 30 33 5a 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 22 7d 2c 22 69 64 22 3a 22 31 33 34 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ust=2017-06-13-21-06","signature":"B19Cr_eRipgaxQgzli4H1TFLoEZmWkdrRZDyQV0aw96oLv1MfKRC08Kfomf1jYEEflp4MwNE8jScMY3DZEBSMtNljtKY6yUnyAsp1FTOcBDN1wHUpYg46XpnmiJyx71-","timestamp":"2024-12-06T00:01:03.721503Z","public_key":""},"id":"1343","last_modified":173
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 32 30 32 34 30 32 2f 6e 6f 72 6d 61 6e 64 79 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 30 31 2d 32 30 2d 34 38 2d 32 38 2e 63 68 61 69 6e 3f 63 61 63 68 65 62 75 73 74 3d 32 30 31 37 2d 30 36 2d 31 33 2d 32 31 2d 30 36 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 74 70 4d 4e 79 30 36 79 73 35 4e 45 6d 32 6b 64 58 4f 39 46 44 75 74 64 2d 6f 31 5a 79 44 57 59 37 51 61 51 38 56 37 69 75 51 49 50 5f 6b 5a 55 50 46 70 79 5a 41 48 58 67 56 6d 4e 78 45 70 6f 4d 64 67 30 34 38 47 6f 37 58 6a 44 47 62 72 63 35 74 74 5a 42 49 6f 46 48 34 50 50 79 67 54 75 5f 34 51
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: content-signature-2.cdn.mozilla.net/chains/202402/normandy.content-signature.mozilla.org-2025-01-01-20-48-28.chain?cachebust=2017-06-13-21-06","signature":"tpMNy06ys5NEm2kdXO9FDutd-o1ZyDWY7QaQ8V7iuQIP_kZUPFpyZAHXgVmNxEpoMdg048Go7XjDGbrc5ttZBIoFH4PPygTu_4Q
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 20 5b 5c 22 72 65 6c 65 61 73 65 5c 22 5d 29 20 26 26 20 28 28 65 6e 76 2e 76 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 5c 22 31 32 35 2e 30 2e 31 5c 22 29 3e 3d 30 29 26 26 28 65 6e 76 2e 76 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 5c 22 31 32 35 2e 30 2e 32 5c 22 29 3c 30 29 29 20 26 26 20 28 5b 5c 22 68 74 74 70 2d 64 6f 77 6e 6c 6f 61 64 2d 63 6f 6e 66 69 67 5c 22 2c 6e 6f 72 6d 61 6e 64 79 2e 75 73 65 72 49 64 5d 7c 62 75 63 6b 65 74 53 61 6d 70 6c 65 28 30 2c 31 30 30 30 30 2c 31 30 30 30 30 29 29 22 2c 22 75 73 65 73 5f 6f 6e 6c 79 5f 62 61 73 65 6c 69 6e 65 5f 63 61 70 61 62 69 6c 69 74 69 65 73 22 3a 66 61 6c 73 65 7d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 78 35 75 22 3a 22 68 74 74 70 73 3a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: [\"release\"]) && ((env.version|versionCompare(\"125.0.1\")>=0)&&(env.version|versionCompare(\"125.0.2\")<0)) && ([\"http-download-config\",normandy.userId]|bucketSample(0,10000,10000))","uses_only_baseline_capabilities":false},"signature":{"x5u":"https:


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                43192.168.2.74986234.117.121.534437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC338OUTGET /staging/addons-bloomfilters/47758106-fb81-4eaa-86a8-f7f7d77cd192.bin HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox-settings-attachments.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC692INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-generation: 1730745429085498
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-metageneration: 1
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-stored-content-encoding: identity
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-stored-content-length: 845025
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-hash: crc32c=T3Azlg==
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-hash: md5=PAUQ5la9G/ulHlyx0BxYPg==
                                                                                                                                                                                                                                                                                                                                                                                                                x-goog-storage-class: STANDARD
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 845025
                                                                                                                                                                                                                                                                                                                                                                                                                X-GUploader-UploadID: AFiumC43wAiWYBtfEm7XZ7smt1CyvqSY7AYtJV8HV9YKWaxVi7SiX6K07Sj92uvfY3uyVuZZMYMziKBgMg
                                                                                                                                                                                                                                                                                                                                                                                                                Server: UploadServer
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Mon, 02 Dec 2024 18:37:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=604800
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 420160
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 04 Nov 2024 18:37:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "3c0510e656bd1bfba51e5cb1d01c583e"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC698INData Raw: 02 00 00 10 54 2f a0 15 f2 da 6f 89 d3 10 04 ac fd 64 15 67 02 60 55 2e 00 02 00 00 00 01 da 14 d4 4f 76 c3 bc fe 0d df df c3 2e 45 37 52 f5 f7 9a 8a f1 64 1a 37 6f b9 59 06 2f 33 cd c4 90 d0 26 18 d9 42 63 c7 bc af fc 41 19 16 ef 97 f5 40 cb 0f 1b 7c b5 37 03 c6 8f ea 61 61 cc bd b9 81 9f 18 7f 2c d2 97 ba 22 84 be 1b 77 77 e1 ae 68 84 ba 55 29 6d 45 2f 52 ed 97 48 92 c6 94 ea d5 18 b9 0d ec b2 d9 8a fb ee 60 0f 6f e7 9f d8 c7 da e1 0c c8 d5 f7 2f c6 55 bb 68 15 6a 9d 22 77 d6 18 ae d3 db 42 f7 40 2e 05 45 a9 05 f2 f1 40 e2 c6 03 3f 86 32 0d 37 c4 0f 02 00 7e 27 1f 4d a8 02 77 cc 20 d3 09 9d 2e 16 1d 76 f7 ff 30 43 69 85 50 7c c6 c8 f4 7c 3b 92 ac 42 a3 c6 b9 56 a5 d8 e4 ee 0e af 9f 3e 41 17 1c c6 59 33 9c 4f 66 bc 18 2e 12 bf 1f a8 b6 9f 1f 1a aa 7d 48
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: T/odg`U.Ov.E7Rd7oY/3&BcA@|7aa,"wwhU)mE/RH`o/Uhj"wB@.E@?27~'Mw .v0CiP||;BV>AY3Of.}H
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 57 84 41 d1 ab 05 a5 ae 5b 30 c5 a5 86 a4 1f 29 e7 a9 30 ef c8 52 e6 22 12 d1 3d 3d 20 f8 6b 94 36 6d 55 3c 78 03 72 4b e7 26 dd be 0a 23 52 7c 3b fb 23 c0 8c 73 85 eb bd 59 c0 ed 39 29 a3 28 95 52 a8 72 ab 2c ba 2b b4 f4 09 bf cf 32 db 03 15 7a 97 a9 53 93 c4 44 ff 1c 83 b5 0e ff b5 f1 7c f0 60 50 4c ce ab 93 7c fa 55 59 36 7d 72 2a 1f 03 c4 e6 eb 26 7b 00 e1 2e be 89 3e 36 d2 cf a9 d7 44 4e fe a7 0e d6 bb b3 30 ff ab bc b6 a4 fd c8 9f 4c bb 9a 94 97 1d 96 11 ad b4 0c 99 28 49 35 be d8 16 db aa 14 fd 92 fd 6c 70 aa 36 70 e6 d8 fa 8b 17 f1 c5 7b 0f 76 e1 6a 0a a5 cd 93 24 cb 3f 0a b5 72 99 68 c5 01 7f 05 95 ac d6 0b b7 eb 4b 9f 6e e8 a9 d9 9a 52 41 2f 4a 46 aa fd ea f0 59 57 61 d4 d0 9d e7 56 a8 a9 ef ab 4f a9 90 89 e6 92 a5 9e fb 5c 3d ce a6 47 30 b2 06
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: WA[0)0R"== k6mU<xrK&#R|;#sY9)(Rr,+2zSD|`PL|UY6}r*&{.>6DN0L(I5lp6p{vj$?rhKnRA/JFYWaVO\=G0
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: a7 d6 6d 3d 79 30 7c 5c 40 64 60 73 9f d6 09 e0 cb 3d e0 d8 c7 f9 db 61 dc 1b d2 b0 4d 7b ec 19 23 f7 cd f6 87 8e 96 8a fe 41 33 f7 f4 48 3a 37 d2 df 64 fc 22 64 d5 e4 6d a4 03 ea bf e6 2f 85 7f bb 1f e0 6d 16 77 18 04 86 b1 bc 40 fd 49 d5 af 17 a9 79 a3 58 f6 eb e1 19 27 93 5e 76 08 1e c7 ec 8a f1 ea 58 c1 ac c4 ff 4d 98 b2 fc 8d db 4e 0a ba 74 4f bd a5 d4 99 31 3a a9 50 d5 9f d5 e5 cf bd d1 89 eb 56 a3 b3 51 2f 38 74 af dd b2 8f a8 69 4d bd 36 79 05 cb 78 27 fb b6 19 a7 59 2e 4f fc 88 ed 84 55 82 5d cd 8a 99 cf 0b 79 e1 a0 30 ac 95 41 a2 49 b7 74 17 e8 7b 73 ac 81 cb 80 2c 78 4b e7 b5 e8 e1 04 f6 99 d9 3a c5 1e 2f 1f c5 e1 fa 92 84 86 7e 75 58 96 1a ca c2 24 e1 bb 3b 93 0d 52 e8 4a 0a 0c 97 7b 45 ce 6a a1 35 0e a6 30 7a a8 e5 ab 16 95 83 c6 a7 66 ed 27
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: m=y0|\@d`s=aM{#A3H:7d"dm/mw@IyX'^vXMNtO1:PVQ/8tiM6yx'Y.OU]y0AIt{s,xK:/~uX$;RJ{Ej50zf'
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 3f 24 1c 2f ce c3 d7 6e 38 fb 93 bb dd cd 7d 72 12 a9 dc f3 fc ae 5c 29 e3 f6 34 fe 65 d7 c0 b6 15 9b 93 93 89 1c bd 60 28 b8 7f 13 bf c6 91 9f f1 43 50 11 34 c2 fe 8e fb 2f 09 c7 c5 f3 63 ea 02 ae db 9d 33 f7 e8 8e 38 6d c3 a8 34 df 1c 1f d8 60 8b 94 5c 9c d7 5c d7 87 7d 80 fa f2 d3 6d 95 f5 a3 de 96 23 0d a9 e6 ae 11 af 2c 32 bc 55 54 f7 cf fb b4 5f f8 5f c1 3f af 3f 25 c8 2b fc 4e 52 9d c0 71 a8 1a 78 82 9d 11 72 50 d9 ad 95 3b 6f fe 8e f5 cc db 54 f7 99 3f 70 1d 84 39 b7 ae 89 01 d4 a4 3b 1e c3 e0 1f a4 c2 e4 4c 1a b1 69 f0 6f 10 46 2d 6f d3 5c 35 3c 67 34 d0 0b ec 24 4f 0e 81 a0 c7 4f a6 c3 c5 b5 d9 be d7 b1 d9 15 ef 9d dc 4c e5 ef 1e bf ed 36 59 1f 1c 39 eb 34 9f b7 d6 ed 1a 88 27 22 ef d2 50 24 39 d7 cd c3 e3 c8 b2 bc 88 90 59 71 bd 51 66 cb a3 91
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ?$/n8}r\)4e`(CP4/c38m4`\\}m#,2UT__??%+NRqxrP;oT?p9;LioF-o\5<g4$OOL6Y94'"P$9YqQf
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: c3 a7 fc 63 20 89 b9 7a c7 dd 2d 17 a1 8f bd d6 f5 0a e9 3b d7 33 cd ee fd 88 5f 9e 97 90 a2 d8 00 67 f8 47 fd af f5 e9 dc 7d f5 3c c1 30 f8 04 b2 0b 3c 97 00 da 8d a5 73 c1 f0 ec 05 67 90 f3 27 a3 a5 da a1 0b 0f e7 80 30 ec c7 b6 bb 4e 94 8c c1 27 38 86 f3 ac 94 de fa c1 2a ac e1 ec bd 21 0e c2 ef 68 d3 df 00 e5 cc ff 33 16 8e 16 7f 2c b2 83 5d b0 57 ae 6c 58 93 9a 2d 11 db fb 33 fb 25 f1 2c f9 dd 39 55 d5 fd 1d fd 8d cd 7a f6 4e fd ec db a1 c0 f6 96 e1 b3 5e bc 2b ef 1b a6 b0 e1 8d 7d 3e 45 e6 d3 07 fc 23 bb fe 15 cf 24 46 9f d0 0d 25 47 1c 38 d8 ac ec 05 53 76 6c e2 6b 76 3e 73 23 ba 48 d6 86 da ff 31 6b b5 1c dd 3f a0 2e 6e 0d c5 52 13 c2 0e 3e 03 ee 9a b0 5c ec 96 b5 65 ca 9d 57 cd 16 4c c3 c4 eb aa bb 8c a3 42 1b cb 44 1f a3 3b e1 8d e3 4f ad cb 86
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: c z-;3_gG}<0<sg'0N'8*!h3,]WlX-3%,9UzN^+}>E#$F%G8Svlkv>s#H1k?.nR>\eWLBD;O
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: d4 35 77 eb 56 57 75 2c 7b e6 64 d9 2a b9 03 11 ca 06 4c 07 da 73 c3 ec de d9 a7 e4 7b 7a 48 d8 f9 f3 9d 9a fe a0 b9 73 2f 60 e5 c4 c0 b5 64 3d 02 39 32 da 25 e1 c5 57 f3 da 1f 5b 46 27 ce 04 00 1b a4 07 21 e2 89 b4 90 36 5a 2f c6 fa 7b f4 70 2f 19 41 af 75 4c 83 f8 6a e3 a5 d0 5a 75 69 9a 47 36 ac ce 0f 39 74 79 10 e8 8c 8d 13 70 ad 17 c1 f5 9d b3 1c a2 2d 58 87 2a 27 f7 e1 50 46 69 ab c5 cc f6 9e 2a e4 a7 4d 4d 94 3c 8a f1 59 f3 2f 42 cf ff f4 6b af ae 47 e5 5d 04 95 a7 ee 4e 75 1f 60 6a fa 82 bb 30 c3 e4 d6 20 ea c2 19 e8 7d f9 de bc 5a 08 89 eb ac 3d 9c d6 ad 67 0d 8f 0d b3 e0 b5 be 9c a9 a8 46 aa 2a 9d ab f3 0e 8f de 65 d3 71 e6 33 cc d5 f5 77 5c 7c 9e 34 9b fd 8b 3e f1 ce bf 85 d7 6a 4a 7f 3c 7e 65 8e e5 ab 0b 67 35 4e 6b cf d2 eb 2a 07 2f 5e cf 14
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 5wVWu,{d*Ls{zHs/`d=92%W[F'!6Z/{p/AuLjZuiG69typ-X*'PFi*MM<Y/BkG]Nu`j0 }Z=gF*eq3w\|4>jJ<~eg5Nk*/^
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 64 31 22 94 de 34 5c 63 ab 3b a3 41 e4 7f ee 11 b2 12 5d ef 9b a5 73 2c 42 2a 2f f9 3f 90 01 5e 56 56 ac 8e df 63 7f 1e 3f ce 9d df cd f4 1f 6b 85 e4 02 14 7c 46 b7 c6 f5 d3 d8 17 31 99 f3 73 f2 de 7d 2b 80 d0 99 71 3f 01 54 d1 fb f0 df 31 cb 91 bc ff 58 10 97 9e f2 a0 8d 76 8e 5b c6 b9 d9 ba 06 cd 07 b0 a4 c6 29 39 1b b7 8c 1e f2 dd ef fc f8 1c 1d 39 e4 90 99 da 2f bb 54 34 01 4b 9d ca c7 39 a4 77 15 3b 14 ad ce b8 58 17 6a eb 29 fd c3 8b fb 64 90 d0 6d fc a4 e6 d0 fa 63 2e 54 82 64 4e e6 b3 e8 81 0b d1 96 91 a0 81 de e8 79 29 86 b3 52 b7 50 ee 1a 50 05 d1 dc 9e 14 c9 0b 73 45 73 a2 97 71 35 30 b9 9b 32 43 35 f0 93 09 ce d1 17 3f 46 fd db 3a b2 10 94 6c 23 ae c4 de 30 5b 95 d1 7c da 93 46 d9 0f 31 9f c4 3e e8 35 72 f9 f7 e7 b8 4b 36 c9 5f 7d 98 c7 10 6e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: d1"4\c;A]s,B*/?^VVc?k|F1s}+q?T1Xv[)99/T4K9w;Xj)dmc.TdNy)RPPsEsq502C5?F:l#0[|F1>5rK6_}n
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 14 7e 45 93 0e 19 86 ca 8f 03 01 ff f7 e0 5f 39 41 be 17 7d 1d e5 c5 c4 49 3b 89 f1 fd 20 cb 0b 14 7c d3 17 e6 93 65 ae cf c1 25 1e 0f 2c 70 bd c5 bc 95 d5 76 78 c7 9a f6 33 5e 01 f5 be 63 03 19 d7 c8 53 ac d7 ed 14 53 28 08 7e 89 3f 8a 5d 85 c1 16 b3 fa 0e f2 aa e9 2f a3 18 19 25 37 d7 67 b5 96 ca 7c b7 bd 06 5a fa 5b 8d af cd f4 fd 96 e4 89 45 29 8a 68 59 81 fe 52 3b 47 f9 c0 d1 a4 d5 80 45 1a 4d 53 1a e8 32 78 f3 0a 40 d4 d6 a6 96 3c cc 38 6f a1 9f 88 23 1e 22 27 f3 2a d1 b8 e9 fd ef ec 7e 08 a8 1a 08 aa 3b 4d 7e c4 d6 51 93 25 5b ce 3e fb 9d 8f 84 38 82 a1 72 e7 c6 3f 48 68 2a 2f 11 73 c9 8b 41 d9 45 88 fb fb 1f 9c 12 e5 09 dd b1 8d 1e de bb 10 dd 83 30 ea 64 1e 95 82 ea f8 7d d1 05 b0 8f b7 b1 19 0b 3a b4 1a aa 49 f2 39 18 a9 9d 0e f8 cb f4 34 1b 95
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ~E_9A}I; |e%,pvx3^cSS(~?]/%7g|Z[E)hYR;GEMS2x@<8o#"'*~;M~Q%[>8r?Hh*/sAE0d}:I94
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 1c 51 06 8d 18 7d 49 7a 78 0a c4 55 67 55 0b 22 62 6b 8b 2f a4 7c e4 d8 a3 24 dd e6 dc f7 2a 9e 39 4f 89 2b 7c b7 5b 74 5a 1c 82 2d 85 2c 26 eb d9 34 2b 92 d0 61 0b e9 c1 6b a4 e9 47 f4 3c f7 a1 6f e6 6f f5 09 65 7c 7f 28 3f b2 a3 08 10 b8 77 77 a7 5d ba 00 f3 a4 27 fd ca dd 2a e2 9f c5 54 11 70 56 61 53 e6 cb fd 4b fb 7f 1b d9 97 79 84 d6 2f fd 88 1c 51 e9 35 b7 fd f5 a6 03 e9 87 a5 a8 9c f5 87 38 4a b9 e2 62 1e 14 24 d6 cd 8e 15 60 98 5a b3 96 5e f6 99 e6 49 ca 7c 73 4a 5b fb 75 82 40 cf f7 c5 fb 2e ac 35 0f 5a a5 f7 47 42 0e 43 1f d8 b2 72 36 89 3e d0 e2 af cd ba b9 b7 23 e7 48 3c a9 f5 53 ac b7 b4 59 a8 a8 3b d8 a6 05 61 55 48 25 0b 70 b9 b9 2b 7f 6d fb ff ef 65 6b d5 1d c6 d4 72 ff 6c 22 47 76 e6 c8 ca 93 bb bc 13 7e b5 78 28 47 1a 0d a5 5e c2 48 82
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Q}IzxUgU"bk/|$*9O+|[tZ-,&4+akG<ooe|(?ww]'*TpVaSKy/Q58Jb$`Z^I|sJ[u@.5ZGBCr6>#H<SY;aUH%p+mekrl"Gv~x(G^H
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:12 UTC1390INData Raw: 7d 74 50 22 de dd 9a bb d2 c1 f8 24 77 21 53 e7 5c 25 8d 08 7f 36 e1 62 bc b6 55 f3 72 c0 e0 5f 7e 9b 87 b2 40 b8 55 e1 f4 f5 1d 65 97 fe 8e 9e e1 22 1a 58 1c c7 05 f1 f6 81 ca 7f 0f ff 43 cd 20 27 da 14 8e 46 1a f0 f9 af 4e e9 eb b1 b4 3a bf ce 59 2e a6 6c 64 5f cb d5 f0 22 9d eb a8 59 fe c6 5d bd 4a 10 76 42 8c 3e b9 75 7e 0f 86 fb 95 5b e8 1b b5 46 93 cd 75 20 6d 7f b5 b8 c1 bb 0d 1e 6a d9 b1 04 ea 47 22 aa f6 47 dc bc fe db 31 48 04 c1 e1 a9 7e 5b 43 53 19 75 ee bf 83 1f 21 68 22 ff 97 95 ff 21 6a 2f af 56 f3 7f d5 4e 53 27 a6 09 09 24 0a 6d 61 9b 86 b4 96 12 0e 43 cc 82 91 93 36 44 ba 1b c7 76 3a 94 d0 77 74 8d 15 d5 74 fb fb 22 ed b4 d5 dd 25 48 f5 8a 7f 0c c6 e7 8c ed 78 f6 a4 03 60 ef 73 e0 47 ea ad be cb 73 54 fc a1 7a be 65 4e c7 7e 12 a7 a4 54
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }tP"$w!S\%6bUr_~@Ue"XC 'FN:Y.ld_"Y]JvB>u~[Fu mjG"G1H~[CSu!h"!j/VNS'$maC6Dv:wtt"%Hx`sGsTzeN~T


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                44192.168.2.74986934.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:13 UTC621OUTPOST /submit/firefox-desktop/top-sites/1/59bd13a9-8183-4ac7-8723-9621ae6d3748 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 667
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:13 UTC667OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 52 db 6e aa 40 14 fd 17 92 3e 55 2c 0c 28 60 72 72 12 ad 97 f1 a1 8d 9e b6 8a 2f 04 61 b0 a3 30 0c 33 83 a0 8d ff 7e 66 c0 5e 7c 6a c2 75 af c5 5a 6b ef cd 87 46 31 d9 05 98 24 b9 36 f8 d0 38 2a b4 81 d9 d1 b8 08 99 08 04 ce 90 36 d0 80 01 2c dd 34 74 a3 f7 62 b8 03 db bc 37 cc 81 61 68 1d 0d 91 f8 17 ce a5 a3 45 29 46 44 7c 39 08 94 a2 0c 09 76 0a 78 7c 08 b6 25 4e 63 f9 79 cf ea 82 ae 92 ac 30 89 f3 8a b7 40 40 ca 6c 8b 98 4c e4 19 76 af a3 25 98 71 11 b0 92 04 71 28 6e 5d bf 32 85 2c 7a c7 02 45 a2 64 8a 51 bb fd a0 6f cb 7a ce e5 db aa 55 57 34 4a 83 18 73 9a 86 a7 e0 88 18 c7 39 91 b8 69 ba 5d a3 6b 5e f1 cf 70 ca c5 f0 80 03 2c d0 03 ae 04 d3 3c 0a 53 a5 8e 88 fe fa ef ca 8e de 43 42 50 2a ab 4c b6 18 72 d4 98 fe 14
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Rn@>U,(`rr/a03~f^|juZkF1$68*6,4tb7ahE)FD|9vx|%Ncy0@@lLv%qq(n]2,zEdQozUW4Js9i]k^p,<SCBP*Lr
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:14 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:14 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                45192.168.2.74987034.160.144.1914437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:14 UTC379OUTGET /chains/202402/normandy.content-signature.mozilla.org-2025-01-01-20-48-28.chain?cachebust=2017-06-13-21-06 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: content-signature-2.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:15 UTC535INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Id-2: 1tbkvZ1yt2ybosG8OLyRWhk0ZnZTRJ3BQgi4HG9QpMwZHO0BOoQw9hoRcWdAPYIgGkgfWpO29qs=
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Request-Id: B5083GZ5KK5E21VA
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Server-Side-Encryption: AES256
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 5331
                                                                                                                                                                                                                                                                                                                                                                                                                Server: AmazonS3
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:18:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 88
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 12 Nov 2024 20:48:29 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "0247105bfb31f4824a16e7f8fa535b06"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: binary/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:15 UTC855INData Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 43 39 54 43 43 41 6e 75 67 41 77 49 42 41 67 49 49 47 41 64 54 6d 31 74 51 63 6e 6b 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -----BEGIN CERTIFICATE-----MIIC9TCCAnugAwIBAgIIGAdTm1tQcnkwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:15 UTC1390INData Raw: 6b 65 53 35 6a 62 32 35 30 5a 57 35 30 4c 58 4e 70 0a 5a 32 35 68 64 48 56 79 5a 53 35 74 62 33 70 70 62 47 78 68 4c 6d 39 79 5a 7a 41 4b 42 67 67 71 68 6b 6a 4f 50 51 51 44 41 77 4e 6f 41 44 42 6c 41 6a 45 41 74 41 66 39 42 33 46 49 51 4f 6a 6f 0a 6c 44 39 54 48 72 42 30 73 30 77 41 69 79 38 6b 6d 46 58 4a 42 2f 61 41 33 73 2f 6f 59 46 70 75 44 58 41 43 33 38 66 6c 64 73 63 42 41 63 57 4b 4d 48 31 42 41 6a 41 35 31 49 65 48 34 70 55 46 0a 5a 4f 49 6b 33 55 42 74 70 44 79 6f 34 4b 48 67 6e 36 59 51 4a 72 35 78 32 59 74 70 6f 54 64 67 6a 30 72 4b 4b 77 30 50 78 4d 34 7a 56 37 67 45 45 53 72 67 46 44 55 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: keS5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAKBggqhkjOPQQDAwNoADBlAjEAtAf9B3FIQOjolD9THrB0s0wAiy8kmFXJB/aA3s/oYFpuDXAC38fldscBAcWKMH1BAjA51IeH4pUFZOIk3UBtpDyo4KHgn6YQJr5x2YtpoTdgj0rKKw0PxM4zV7gEESrgFDU=-----END CERTIFICATE----------BEGIN CERTIFICATE--
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:15 UTC1390INData Raw: 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 48 34 49 64 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 0a 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 4d 42 51 41 44 67 67 49 42 41 41 32 79 39 46 4d 73 42 47 30 66 6b 72 30 6f 0a 6b 6e 50 68 64 4e 48 4d 64 57 4f 50 75 6b 6e 75 48 6f 43 68 74 61 32 33 75 57 6b 50 6e 74 41 6b 51 7a 4d 71 36 73 72 49 6f 56 4c 57 6d 4e 54 73 75 6e 4c 4c 32 30 67 75 4f 54 31 41 6d 6a 42 39 0a 77 75 34 43 4d 52 31 37 32 52 32 41 37 6a 42 48 6e 69 76 42 6f 6a 4e 77 2f 6e 46 78 65 69 4e 31 65 4c 38 64 68 6b 79 48 6e 6b 48 5a 4d 75 76 6a 55 50 74 74 63 62 51 79 69 34 39 74 63 58 2b 63 0a 4c 42 41 4b 66 55 77 77 49 57 53 2b 7a 4d 4e 2b 31 78 6d 59 4a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: UubW96aWxsYS5vcmcwH4IdY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwDQYJKoZIhvcNAQEMBQADggIBAA2y9FMsBG0fkr0oknPhdNHMdWOPuknuHoChta23uWkPntAkQzMq6srIoVLWmNTsunLL20guOT1AmjB9wu4CMR172R2A7jBHnivBojNw/nFxeiN1eL8dhkyHnkHZMuvjUPttcbQyi49tcX+cLBAKfUwwIWS+zMN+1xmYJ
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:15 UTC1390INData Raw: 54 6d 2b 41 44 50 67 39 5a 73 51 46 6f 62 6d 53 64 7a 41 77 43 54 6e 39 77 64 55 62 4f 6b 4b 0a 4b 78 36 35 66 4b 71 70 54 62 54 78 71 6e 71 5a 36 54 53 58 43 36 4f 79 62 45 71 71 68 4e 7a 56 4a 75 39 6a 49 4b 69 42 30 59 45 30 62 4b 6c 4c 50 75 79 79 44 78 6e 75 39 75 74 6c 50 6a 66 30 0a 39 43 7a 32 46 53 33 75 4b 32 64 6b 51 78 36 47 6d 59 57 47 4f 32 76 66 75 50 5a 68 7a 69 50 34 4e 6d 42 51 66 76 63 6d 59 78 50 6c 33 61 5a 55 39 70 41 59 41 4f 44 2f 48 57 2b 34 75 79 4e 4c 0a 53 49 75 47 39 41 64 44 65 73 76 54 49 53 2f 67 6b 57 53 63 73 58 52 58 74 73 41 63 70 43 56 39 65 43 37 49 58 69 72 44 4e 57 73 78 34 32 54 75 65 6b 69 6a 61 31 76 46 51 43 55 79 35 4b 55 63 0a 51 70 72 49 6b 36 39 50 48 35 7a 38 67 79 70 6d 6e 6d 64 41 62 62 4c 6f 49 6e 48 59
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Tm+ADPg9ZsQFobmSdzAwCTn9wdUbOkKKx65fKqpTbTxqnqZ6TSXC6OybEqqhNzVJu9jIKiB0YE0bKlLPuyyDxnu9utlPjf09Cz2FS3uK2dkQx6GmYWGO2vfuPZhziP4NmBQfvcmYxPl3aZU9pAYAOD/HW+4uyNLSIuG9AdDesvTIS/gkWScsXRXtsAcpCV9eC7IXirDNWsx42Tuekija1vFQCUy5KUcQprIk69PH5z8gypmnmdAbbLoInHY
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:15 UTC306INData Raw: 34 51 6e 6c 79 76 0a 4f 55 72 57 64 32 64 75 34 64 4c 43 73 2b 57 57 32 45 36 2b 52 37 6a 5a 74 72 73 49 71 46 44 36 71 77 43 4c 71 63 67 42 67 43 39 43 4d 39 55 67 48 65 55 42 4f 69 78 6d 5a 4c 42 4b 43 4e 44 45 0a 4e 31 73 52 6b 6d 63 56 77 58 63 43 6c 35 62 74 64 67 56 56 71 37 34 4d 67 73 64 33 38 78 73 6d 59 75 46 6f 4d 69 36 6e 62 44 4c 6c 6c 6d 36 54 32 71 6c 38 4c 5a 45 78 79 58 32 69 2f 76 6f 30 0a 70 78 68 45 56 52 61 46 77 6a 31 4a 31 72 33 54 52 4e 58 6b 73 6a 64 71 46 63 67 70 4e 43 4d 66 32 46 52 62 6a 44 47 74 56 4c 58 52 56 47 30 44 43 43 47 52 61 79 69 67 4b 67 64 48 37 38 71 4d 0a 48 70 64 58 72 62 61 54 44 46 73 66 4d 4c 54 41 4d 6e 47 46 6e 71 4f 5a 4d 75 4d 6f 62 4e 4a 53 35 4d 36 2f 76 71 64 65 70 6f 43 38 4c 37 78 6d 49 35 64 51 67
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 4QnlyvOUrWd2du4dLCs+WW2E6+R7jZtrsIqFD6qwCLqcgBgC9CM9UgHeUBOixmZLBKCNDEN1sRkmcVwXcCl5btdgVVq74Mgsd38xsmYuFoMi6nbDLllm6T2ql8LZExyX2i/vo0pxhEVRaFwj1J1r3TRNXksjdqFcgpNCMf2FRbjDGtVLXRVG0DCCGRayigKgdH78qMHpdXrbaTDFsfMLTAMnGFnqOZMuMobNJS5M6/vqdepoC8L7xmI5dQg


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                46192.168.2.74987134.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC619OUTPOST /submit/firefox-desktop/newtab/1/372e391e-787d-40e8-8beb-44106d6c22f4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:32 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 1040
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC1040OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff c5 56 db 6e e3 36 10 fd 17 bd 6e 68 90 12 75 f3 1f f4 b9 5b f4 61 b1 10 78 19 39 c4 ca a4 96 a4 b2 71 03 ff 7b 87 92 e2 4b e2 b6 40 12 a4 80 61 d8 9c 33 c3 33 87 33 43 3e 65 a3 b1 bb ce d8 de 65 db a7 2c c0 cf 6c 9b df 65 21 0a 1f bb 68 f6 90 6d b3 9c e6 05 61 94 d0 f2 2b 6d b6 9c 7d a1 6c 4b 69 76 97 81 d5 ff 89 f1 20 82 b3 88 b0 f0 2b 0a d9 05 08 c1 38 db a1 6f 8a f0 38 82 c7 08 36 86 65 7b 3f 12 a1 49 84 01 f6 10 fd 81 78 37 0c 6e 8a c9 28 bd b0 ea 1e 23 29 67 23 ae cf ee d1 8b 64 8b 87 31 b1 b0 66 2f a7 70 72 4a 0c d3 ef 14 ff 37 9d 3c f3 86 73 de f7 a4 d6 ba 25 9c 8b 9a 34 ad e0 04 5a 95 0b c6 0b ad 2a 91 1d 8f 77 d9 de 3c 82 26 69 23 74 25 03 3c c0 40 f2 39 2e c1 c0 c4 23 3f 11 80 30 56 7c 10 33 2d b4 a8 4a c5 89 e8 8b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Vn6nhu[ax9q{K@a333C>ee,le!hma+m}lKiv +8o86e{?Ix7n(#)g#d1f/prJ7<s%4Z*w<&i#t%<@9.#?0V|3-J
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                47192.168.2.74987334.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC489OUTPOST /submit/telemetry/edd11145-a3b3-4ebf-ba7b-14b7ec08f19f/main/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 10297
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC10297OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a ed 7d 0d 6f e3 38 b2 e0 5f 09 bc d8 c3 7b b8 56 46 a4 a8 af 06 1e 6e 1d db e9 f6 b5 63 67 6d a7 7b 7a 17 0b 41 96 e8 44 2f b2 e5 91 e4 a4 33 8b 06 ee 47 dc 2f bc 5f 72 55 24 25 cb b6 2c c7 e9 a4 e7 ed e1 06 33 93 44 a2 58 c5 62 7d 57 51 fa 67 2b 7f 5a f1 d6 fb d6 c2 8f 96 ad 77 ad 28 84 df 79 18 12 42 98 a9 f9 c6 cc d0 18 9f cd b5 99 6f cf 34 c2 66 36 0f 74 67 4e dc 39 8c 0d 52 ee e7 51 b2 ec fa 39 ce 40 75 6a 68 44 d7 74 73 aa db ef 19 79 6f 98 e7 16 61 7f 83 91 0f 3c cd 60 60 eb 3d 7b d7 f2 57 ab 38 0a c4 83 ad f7 ff 6c f9 69 70 17 e5 3c c8 d7 29 4e f2 cd b1 34 8b c1 23 b3 75 14 87 fd 50 cd ab bb d4 a6 06 35 a9 03 b7 96 fe 02 87 5e 46 29 9f 27 df aa d3 b7 08 71 ce f5 73 02 d7 c2 28 5b c5 fe d3 e7 9a 5b 0f 7c 19 26 29 5c ba
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }o8_{VFncgm{zAD/3G/_rU$%,3DXb}WQg+Zw(yBo4f6tgN9RQ9@ujhDtsyoa<``={W8lip<)N4#uP5^F)'qs([[|&)\
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                48192.168.2.74987234.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC489OUTPOST /submit/telemetry/18a05d94-e006-440f-b702-3e398a280dbf/health/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 334
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC334OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 6d 90 cd 6a c3 30 10 84 df 45 e7 c8 48 b2 fc 7b 2b 94 40 0e cd 29 b4 d0 4b 59 4b 6b 2c 90 2d 23 2b 69 d2 90 77 ef 3a cd a1 85 5e 04 9a fd 76 98 9d 2b 4b 97 19 59 cb 06 04 9f 06 b6 61 ce d2 4f d6 20 0a db 68 8e 42 94 5c 6b d1 f3 ae 12 8a e7 98 37 35 a8 5a d8 ae 27 d6 44 84 e4 c2 f4 0c 69 f5 50 42 e5 5c 0a 2e 8a 83 a8 5a 2d db bc c8 4a 29 de 89 3c 61 5c 08 64 ad de 30 98 67 ef cc 7d 91 b5 57 06 d1 0c 2e a1 49 c7 b8 9a 9c eb 92 97 9a 56 ba a3 f3 76 67 1f be a2 51 95 ca 55 a1 6a 1a 4d 30 ae e8 d6 45 ec c3 f9 b7 3d 93 b2 ce 44 26 49 b3 6e 99 3d 5c 5e ff 19 9d 70 b2 21 92 f4 12 be 9c f7 40 12 a1 a9 0f 71 fc 0f 3f cf 26 8c 4f 9d fb 49 f7 51 6a 3e 2e 27 b3 de 3f c0 34 a1 27 3d a2 47 58 90 dd c8 09 2e 3e 80 5d 4f 0b cb fa 3e d2 be ed
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: mj0EH{+@)KYKk,-#+iw:^v+KYaO hB\k75Z'DiPB\.Z-J)<a\d0g}W.IVvgQUjM0E=D&In=\^p!@q?&OIQj>.'?4'=GX.>]O>
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                49192.168.2.74987534.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC489OUTPOST /submit/telemetry/2c8e5eea-375d-48a9-ad4c-be583ff1215d/health/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 332
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC332OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 6d 50 3d 6b c3 30 10 fd 2f 9a 23 23 c9 92 ed 78 2b 94 40 86 66 0a 2d 74 29 67 e9 8c 05 b2 65 64 27 24 0d f9 ef 3d bb 19 5a c8 22 d0 fb e2 dd bb b1 f9 3a 22 ab 59 87 10 e6 8e 6d 98 77 f4 53 b6 42 83 08 3c 2f 8d e3 ba 82 2d 07 a7 2d 6f d0 54 79 db 4a 25 8d 23 ad 4d 08 b3 8f c3 2b cc 4b 86 12 2a e7 52 70 61 8e a2 ac b5 ac 73 93 99 42 7d 92 f2 8c 69 22 21 ab f5 86 c1 38 06 6f 57 23 ab 6f 0c 92 ed fc 8c 76 3e a5 25 e4 52 15 bc d0 64 69 4e 3e b8 bd 7b e4 8a ad 2a 55 ae 8c aa 88 1a a0 5f a4 3b 9f b0 8d 97 bf f1 4c ca 2a 13 99 24 cc f9 69 0c 70 7d 7f 42 9d 71 70 31 11 f4 16 bf 7d 08 40 10 49 e7 36 a6 fe 99 fc 32 da d8 bf 34 fe b7 dd 57 a1 79 3f 9d ed 72 7f 07 c3 80 81 f0 84 01 61 42 76 a7 24 b8 86 08 6e 39 2d 4e cb fb 68 fb b1 3f 1c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: mP=k0/##x+@f-t)ged'$=Z":"YmwSB</--oTyJ%#M+K*RpasB}i"!8oW#ov>%RdiN>{*U_;L*$ip}Bqp1}@I624Wy?raBv$n9-Nh?
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                50192.168.2.74987734.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC489OUTPOST /submit/telemetry/6260e81e-5ef5-4137-a0a5-7930ea6f0a75/main/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 11371
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC11371OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a ed 7d 0b 6f e3 38 d2 e0 5f 09 fc 61 0f df 87 8b 33 a2 de 6a e0 c3 ad 63 3b 69 df f8 35 b6 d3 99 9e c5 42 90 2d 3a d1 45 b6 3c 92 9c c7 2c fa bf 5f 15 49 c9 92 2d cb 71 1e 2d ef e1 16 3b 9d 44 a2 c8 62 bd 59 24 ab fe 55 8b 5f 56 b4 f6 a5 b6 70 bc 65 ed bc e6 b9 f0 bb 2e eb 12 35 09 ad 6b 74 ae d5 55 a2 18 75 47 72 b4 ba 61 29 12 75 f4 b9 e4 18 1a b4 9d 85 d4 89 bd 60 d9 72 62 ec 41 96 64 a5 4e a4 ba a4 4d 24 e3 8b 4a be 28 d2 85 a2 aa 7f 40 cb 47 1a 46 d0 b0 f6 45 3d af 39 ab 95 ef cd d8 87 b5 2f ff aa 39 e1 ec de 8b e9 2c 5e 87 d8 c9 b3 a9 d7 75 15 3e 99 ae 3d df ed b8 a2 5f c9 92 0d 59 91 35 d9 84 57 4b 67 81 4d af bc 90 ce 83 e7 6c f7 35 42 cc 0b e9 82 c0 33 d7 8b 56 be f3 f2 ad e0 d5 23 5d ba 41 08 8f 7a c1 5f 9e ef 3b f0
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }o8_a3jc;i5B-:E<,_I-q-;DbY$U_Vpe.5ktUuGra)u`rbAdNM$J(@GFE=9/9,^u>=_Y5WKgMl5B3V#]Az_;
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                51192.168.2.74987434.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC489OUTPOST /submit/telemetry/ff032c8b-05e6-43c9-9e84-732dbe7aca27/event/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 3028
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC3028OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a d5 59 0b 8f db b8 11 fe 2b 82 80 16 77 c0 d2 a7 97 65 cb c0 a1 f1 ae 77 37 8b c6 b9 c5 be 72 6d 10 18 14 45 d9 ec ea 15 8a b2 d7 17 04 e8 8f e8 2f ec 2f e9 0c 29 6b e5 7d a4 9b a4 40 ef 02 24 91 87 e4 70 38 cf 6f c8 4f b6 da 56 dc 9e d8 7c cd 0b 65 1f d8 22 81 1f 69 ea f8 1e 1b c7 c4 19 f2 90 04 3e 8b 48 c4 c7 01 19 f9 5e 12 f3 11 65 d4 1b c1 5c 26 39 55 a2 2c 66 54 21 0b cf f1 7c e2 3a b0 e8 ca 19 4d 02 77 e2 0f 07 a1 13 fe 1d 66 ae b9 ac 61 a2 3d 09 0e 6c 5a 55 99 60 7a a1 3d f9 64 53 c9 56 42 71 a6 1a 89 4c ee c6 21 09 03 58 12 37 22 4b ce 92 96 af 13 79 23 cf f7 86 de 18 86 0a 9a e3 d4 13 21 79 5a de f5 d9 db ae 3b 1e 38 03 17 68 89 a8 ab 8c 6e 6f 9e 18 82 a3 26 a5 04 d2 bc fc 4d 64 19 05 12 4c 55 69 29 f3 a7 a6 df 55 ac
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Y+wew7rmE//)k}@$p8oOV|e"i>H^e\&9U,fT!|:Mwfa=lZU`z=dSVBqL!X7"Ky#!yZ;8hno&MdLUi)U
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                52192.168.2.74987634.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC499OUTPOST /submit/telemetry/6786f292-c1be-4996-99cd-77aa855c1844/first-shutdown/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 11376
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:17 UTC11376OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a ed 7d 0b 6f e3 38 d2 e0 5f 09 fc 61 0f df 87 8b 33 a2 de 6a e0 c3 ad 63 3b 69 df f8 35 b6 d3 99 9e c5 42 90 2d 3a d1 45 b6 3c 92 9c c7 2c fa bf 5f 15 49 c9 92 2d cb 71 1e 2d ef e1 16 3b 9d 44 a2 c8 62 bd 59 24 ab fe 55 8b 5f 56 b4 f6 a5 36 f7 c2 28 ae 47 f7 eb d8 0d 9e 96 b5 f3 9a e7 c2 53 dd 30 f5 b9 6c c9 f5 19 99 d2 ba 6a 59 7a dd b2 66 6e dd 30 1c c7 d4 b4 19 31 55 15 da ce 42 ea c4 5e b0 6c 39 31 f6 25 4b b2 52 27 52 5d d2 26 92 f1 45 25 5f 14 e9 42 51 8d 3f a0 e5 23 0d 23 68 58 fb a2 9e d7 9c d5 ca f7 66 ec c3 da 97 7f d5 9c 70 76 ef c5 74 16 af 43 ec e4 d9 d4 eb 3a 76 3e 5d 7b be db 71 45 bf 92 25 1b b2 22 6b b2 09 af 96 ce 02 9b 5e 79 21 9d 07 cf d9 ee 6b 84 98 17 d2 05 81 67 ae 17 ad 7c e7 e5 5b c1 ab 47 ba 74 83 10
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }o8_a3jc;i5B-:E<,_I-q-;DbY$U_V6(GS0ljYzfn01UB^l91%KR'R]&E%_BQ?##hXfpvtC:v>]{qE%"k^y!kg|[Gt
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:19 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                53192.168.2.74988334.160.144.1914437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:18 UTC379OUTGET /chains/202402/normandy.content-signature.mozilla.org-2025-01-22-11-21-21.chain?cachebust=2017-06-13-21-06 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: content-signature-2.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC548INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Id-2: 3CIipIa5z79gqOYN+piWsSplReFUp7WsQ6FOLhEmdC4l9rqmNWKG/9uGw354Vziv4NE5VICCXazNLGjYzuBvyg==
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Request-Id: 89V92DFVDGVA4QMB
                                                                                                                                                                                                                                                                                                                                                                                                                X-Amz-Server-Side-Encryption: AES256
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 5331
                                                                                                                                                                                                                                                                                                                                                                                                                Server: AmazonS3
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:03:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 998
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 03 Dec 2024 11:21:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "87916b50716f5e45f84f3a8095974aa9"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: binary/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC842INData Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 43 39 44 43 43 41 6e 75 67 41 77 49 42 41 67 49 49 47 41 32 6d 32 4b 36 34 75 59 38 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -----BEGIN CERTIFICATE-----MIIC9DCCAnugAwIBAgIIGA2m2K64uY8wCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC1390INData Raw: 41 6f 67 69 5a 75 62 33 4a 74 59 57 35 6b 65 53 35 6a 62 32 35 30 5a 57 35 30 4c 58 4e 70 0a 5a 32 35 68 64 48 56 79 5a 53 35 74 62 33 70 70 62 47 78 68 4c 6d 39 79 5a 7a 41 4b 42 67 67 71 68 6b 6a 4f 50 51 51 44 41 77 4e 6e 41 44 42 6b 41 6a 42 49 69 4a 4d 66 72 45 74 76 46 71 55 55 0a 36 77 52 69 6a 6b 7a 4a 46 45 30 78 66 7a 62 7a 5a 39 4c 50 35 56 4b 49 43 74 6d 78 41 37 55 68 2b 77 70 37 78 66 65 4d 53 44 36 44 79 64 53 67 4d 6c 45 43 4d 44 6f 78 37 47 59 6e 63 43 4f 56 0a 4d 48 34 4d 46 2f 6a 32 32 64 48 6a 58 5a 6d 45 6c 6f 7a 70 50 6f 6c 41 2b 4e 79 6a 41 57 44 77 74 35 64 2b 71 45 35 7a 49 58 48 70 51 63 64 6a 6f 4d 50 43 32 41 3d 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 42 45 47 49 4e 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: AogiZub3JtYW5keS5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAKBggqhkjOPQQDAwNnADBkAjBIiJMfrEtvFqUU6wRijkzJFE0xfzbzZ9LP5VKICtmxA7Uh+wp7xfeMSD6DydSgMlECMDox7GYncCOVMH4MF/j22dHjXZmElozpPolA+NyjAWDwt5d+qE5zIXHpQcdjoMPC2A==-----END CERTIFICATE----------BEGIN
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC1390INData Raw: 43 31 7a 61 57 64 75 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 48 34 49 64 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 0a 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 4d 42 51 41 44 67 67 49 42 41 41 32 79 39 46 4d 73 42 47 30 66 6b 72 30 6f 0a 6b 6e 50 68 64 4e 48 4d 64 57 4f 50 75 6b 6e 75 48 6f 43 68 74 61 32 33 75 57 6b 50 6e 74 41 6b 51 7a 4d 71 36 73 72 49 6f 56 4c 57 6d 4e 54 73 75 6e 4c 4c 32 30 67 75 4f 54 31 41 6d 6a 42 39 0a 77 75 34 43 4d 52 31 37 32 52 32 41 37 6a 42 48 6e 69 76 42 6f 6a 4e 77 2f 6e 46 78 65 69 4e 31 65 4c 38 64 68 6b 79 48 6e 6b 48 5a 4d 75 76 6a 55 50 74 74 63 62 51 79 69 34 39 74 63 58 2b 63 0a 4c 42 41 4b 66 55 77 77
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: C1zaWduYXR1cmUubW96aWxsYS5vcmcwH4IdY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwDQYJKoZIhvcNAQEMBQADggIBAA2y9FMsBG0fkr0oknPhdNHMdWOPuknuHoChta23uWkPntAkQzMq6srIoVLWmNTsunLL20guOT1AmjB9wu4CMR172R2A7jBHnivBojNw/nFxeiN1eL8dhkyHnkHZMuvjUPttcbQyi49tcX+cLBAKfUww
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC1390INData Raw: 68 4b 53 33 78 33 57 65 73 4d 30 73 68 54 6d 2b 41 44 50 67 39 5a 73 51 46 6f 62 6d 53 64 7a 41 77 43 54 6e 39 77 64 55 62 4f 6b 4b 0a 4b 78 36 35 66 4b 71 70 54 62 54 78 71 6e 71 5a 36 54 53 58 43 36 4f 79 62 45 71 71 68 4e 7a 56 4a 75 39 6a 49 4b 69 42 30 59 45 30 62 4b 6c 4c 50 75 79 79 44 78 6e 75 39 75 74 6c 50 6a 66 30 0a 39 43 7a 32 46 53 33 75 4b 32 64 6b 51 78 36 47 6d 59 57 47 4f 32 76 66 75 50 5a 68 7a 69 50 34 4e 6d 42 51 66 76 63 6d 59 78 50 6c 33 61 5a 55 39 70 41 59 41 4f 44 2f 48 57 2b 34 75 79 4e 4c 0a 53 49 75 47 39 41 64 44 65 73 76 54 49 53 2f 67 6b 57 53 63 73 58 52 58 74 73 41 63 70 43 56 39 65 43 37 49 58 69 72 44 4e 57 73 78 34 32 54 75 65 6b 69 6a 61 31 76 46 51 43 55 79 35 4b 55 63 0a 51 70 72 49 6b 36 39 50 48 35 7a 38 67 79 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: hKS3x3WesM0shTm+ADPg9ZsQFobmSdzAwCTn9wdUbOkKKx65fKqpTbTxqnqZ6TSXC6OybEqqhNzVJu9jIKiB0YE0bKlLPuyyDxnu9utlPjf09Cz2FS3uK2dkQx6GmYWGO2vfuPZhziP4NmBQfvcmYxPl3aZU9pAYAOD/HW+4uyNLSIuG9AdDesvTIS/gkWScsXRXtsAcpCV9eC7IXirDNWsx42Tuekija1vFQCUy5KUcQprIk69PH5z8gyp
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:20 UTC319INData Raw: 72 6a 6e 74 42 44 45 46 74 56 44 35 73 34 51 6e 6c 79 76 0a 4f 55 72 57 64 32 64 75 34 64 4c 43 73 2b 57 57 32 45 36 2b 52 37 6a 5a 74 72 73 49 71 46 44 36 71 77 43 4c 71 63 67 42 67 43 39 43 4d 39 55 67 48 65 55 42 4f 69 78 6d 5a 4c 42 4b 43 4e 44 45 0a 4e 31 73 52 6b 6d 63 56 77 58 63 43 6c 35 62 74 64 67 56 56 71 37 34 4d 67 73 64 33 38 78 73 6d 59 75 46 6f 4d 69 36 6e 62 44 4c 6c 6c 6d 36 54 32 71 6c 38 4c 5a 45 78 79 58 32 69 2f 76 6f 30 0a 70 78 68 45 56 52 61 46 77 6a 31 4a 31 72 33 54 52 4e 58 6b 73 6a 64 71 46 63 67 70 4e 43 4d 66 32 46 52 62 6a 44 47 74 56 4c 58 52 56 47 30 44 43 43 47 52 61 79 69 67 4b 67 64 48 37 38 71 4d 0a 48 70 64 58 72 62 61 54 44 46 73 66 4d 4c 54 41 4d 6e 47 46 6e 71 4f 5a 4d 75 4d 6f 62 4e 4a 53 35 4d 36 2f 76 71 64 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: rjntBDEFtVD5s4QnlyvOUrWd2du4dLCs+WW2E6+R7jZtrsIqFD6qwCLqcgBgC9CM9UgHeUBOixmZLBKCNDEN1sRkmcVwXcCl5btdgVVq74Mgsd38xsmYuFoMi6nbDLllm6T2ql8LZExyX2i/vo0pxhEVRaFwj1J1r3TRNXksjdqFcgpNCMf2FRbjDGtVLXRVG0DCCGRayigKgdH78qMHpdXrbaTDFsfMLTAMnGFnqOZMuMobNJS5M6/vqde


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                54192.168.2.74989034.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:21 UTC618OUTPOST /submit/firefox-desktop/newtab/1/7917ce80-55b3-46ca-99c2-70537bbb959a HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 846
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:21 UTC846OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff ad 55 db 8e a3 38 10 fd 17 5e 27 46 36 38 dc fe 60 9f 77 56 fb 30 1a 21 5f 0a 62 0d b1 19 db a4 3b 6a f5 bf 6f 19 d2 24 dd 8a b4 d2 6a 25 84 a0 5c 75 ea 70 ea c2 5b 36 1b 3b f6 c6 0e 2e eb de b2 00 bf b3 ae 3c 64 21 0a 1f fb 68 ce 90 75 59 41 8b 92 30 4a e8 f1 3b 6d 3a ce be 51 d6 51 9a 1d 32 b0 fa 5f 7d 3c 88 e0 2c 7a 58 78 89 42 f6 01 42 30 ce f6 18 9b 10 5e 67 f0 88 60 63 d8 d2 fb 99 08 4d 22 4c 70 86 e8 af c4 bb 69 72 4b 4c 87 d2 0b ab 4e 88 a4 9c 8d 68 5f c3 a3 17 e9 2c 5e e7 c4 c2 9a b3 5c c2 1e 94 18 a6 e7 84 ff 87 4e 91 45 c3 39 1f 06 52 6b dd 12 ce 45 4d 9a 56 70 02 ad 2a 04 e3 a5 56 95 c8 de df 0f d9 d9 bc 82 26 29 11 86 92 09 2e 30 91 62 c5 25 08 4c 3c f2 13 01 08 63 e5 ff c4 4c 0b 2d aa a3 e2 44 0c 65 45 b8 50 03
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: U8^'F68`wV0!_b;jo$j%\up[6;.<d!huYA0J;m:QQ2_}<,zXxBB0^g`cM"LpirKLNh_,^\NE9RkEMVp*V&).0b%L<cL-DeEP
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                55192.168.2.74989234.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:21 UTC495OUTPOST /submit/telemetry/3be89113-af2b-4b48-9c47-40ac1156f7a2/new-profile/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2454
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:21 UTC2454OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a d5 58 6d 6f db 38 12 fe 2b 82 80 3d ec 02 91 2b c9 8a 63 07 58 5c ed d8 49 83 8d d3 20 4e d2 bd 5b 14 06 25 8d 6c 9e 25 4a 25 25 3b 6e d1 ff 7e 33 a4 ac c8 89 d3 db eb 7e e9 06 48 22 0d 87 c3 e1 cc 33 6f fa 62 97 db 02 ec 53 5b c0 c6 29 64 9e f0 14 ec 23 9b c7 48 ea 86 d0 1f 78 5e d7 61 89 1f 3a 41 18 f4 9d 41 14 9c 38 81 cb 22 cf 3b ee 25 27 cc 47 de 48 02 2b 79 2e c6 ac 24 41 be eb 77 1d cf 75 dc e3 3b f7 e4 34 f0 4e bb 6e a7 db 3d f9 37 72 ae 41 2a 64 b4 4f 83 23 9b 15 45 ca 23 bd d1 3e fd 62 33 19 2d 79 09 51 59 49 12 f2 d8 ef 39 bd 00 b7 84 15 4f e3 cb b8 96 eb 0e fc 13 bf eb 1f fb 7d 5c 12 2c 23 d6 73 2e 21 c9 1f db e2 6d cf eb 77 dc 8e 87 b4 98 ab 22 65 db 87 03 4b 6b 10 71 2e 91 34 cd 3f f3 34 65 48 42 d6 32 c9 65 76
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Xmo8+=+cX\I N[%l%J%%;n~3~H"3obS[)d#Hx^a:AA8";%'GH+y.$Awu;4Nn=7rA*dO#E#>b3-yQYI9O}\,#s.!mw"eKkq.4?4eHB2ev
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                56192.168.2.74989134.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:21 UTC489OUTPOST /submit/telemetry/2824c836-2afd-4a95-940b-ed2b991ba55d/event/Firefox/118.0.1/release/20230927232528?v=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 16:26:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2518
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:21 UTC2518OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a d5 58 7b 6f db 38 12 ff 2a 82 80 3d ec 02 91 2b c9 f2 43 06 16 57 bf 92 06 1b b7 41 5e dd bb a2 30 28 91 b2 79 d6 ab 24 65 c7 2d fa dd 6f 86 94 15 39 8f de 5e f7 9f 36 40 12 69 38 1c 0e e7 f1 9b 19 7d b1 d5 be 64 f6 c8 66 5b 96 2b fb c4 e6 14 5e fc a1 1f c4 c3 6e df f1 49 42 9d 80 84 3d 27 0c dc c8 61 d4 8f c2 d0 8b 48 af 47 81 37 16 8c 28 5e e4 33 a2 50 84 ef fa 5d c7 73 1d b7 77 e3 0e 46 81 37 ea ba 9d 6e e0 fe 1b 38 b7 4c 48 60 b4 47 c1 89 4d ca 32 e5 b1 de 68 8f be d8 44 c4 6b ae 58 ac 2a 81 42 ee 87 7d a7 1f c0 96 a8 e2 29 3d a7 b5 5c 37 f4 07 7e d7 ef f9 43 58 ca 49 86 ac a7 5c b0 a4 b8 6f 8b b7 3d 6f d8 71 3b 1e d0 28 97 65 4a f6 77 cf 2c c1 55 69 21 80 b4 28 3e f3 34 25 40 02 56 95 14 22 7b 8e fd be 8c 8b 6c 1c 71 a3
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: X{o8*=+CWA^0(y$e-o9^6@i8}df[+^nIB='aHG7(^3P]swF7n8LH`GM2hDkX*B})=\7~CXI\o=oq;(eJw,Ui!(>4%@V"{lq
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                57192.168.2.74989334.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:21 UTC406OUTGET /v1/buckets/main/collections/top-sites/changeset?_expected=1723136665642&_since=%221647020600359%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 4402
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:23:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3400
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 00:00:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 75 72 6c 22 2c 22 6f 72 64 65 72 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 75 72 6c 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 55 52 4c 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 55 52 4c 20 6f 66 20 74 68 65 20 74 6f 70 20 73 69 74 65 2e 22 7d 2c 22 6f 72 64 65 72 22 3a 7b 22 74 79 70 65 22 3a 22 6e 75 6d 62 65 72 22 2c 22 74 69 74 6c 65 22 3a 22 50 72 65 73 65 6e 74 61 74 69 6f 6e 20 6f 72 64 65 72 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 50 72 65 73 65 6e 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["url","order"],"properties":{"url":{"type":"string","title":"URL","description":"URL of the top site."},"order":{"type":"number","title":"Presentation order","description":"Present
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC1390INData Raw: 3a 22 73 74 72 69 6e 67 22 2c 22 6d 69 6e 4c 65 6e 67 74 68 22 3a 32 7d 2c 22 74 69 74 6c 65 22 3a 22 49 6e 63 6c 75 64 65 20 6c 6f 63 61 6c 65 73 22 2c 22 6d 69 6e 49 74 65 6d 73 22 3a 30 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4c 69 73 74 20 6f 66 20 6c 6f 63 61 6c 65 73 20 74 6f 20 69 6e 63 6c 75 64 65 20 28 42 43 50 20 34 37 20 66 6f 72 6d 61 74 2c 20 65 67 2e 20 5c 22 64 65 2d 41 54 5c 22 2c 20 5c 22 66 72 2d 43 41 5c 22 29 2e 20 53 65 74 20 6e 6f 6e 65 20 74 6f 20 69 6e 63 6c 75 64 65 20 61 6c 6c 2e 22 2c 22 75 6e 69 71 75 65 49 74 65 6d 73 22 3a 74 72 75 65 7d 2c 22 69 6e 63 6c 75 64 65 5f 72 65 67 69 6f 6e 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :"string","minLength":2},"title":"Include locales","minItems":0,"description":"List of locales to include (BCP 47 format, eg. \"de-AT\", \"fr-CA\"). Set none to include all.","uniqueItems":true},"include_regions":{"type":"array","items":{"type":"string","
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC1390INData Raw: 6e 74 20 49 44 73 2e 22 2c 22 75 6e 69 71 75 65 49 74 65 6d 73 22 3a 74 72 75 65 7d 2c 22 73 70 6f 6e 73 6f 72 65 64 5f 63 6c 69 63 6b 5f 75 72 6c 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 53 70 6f 6e 73 6f 72 65 64 20 63 6c 69 63 6b 20 55 52 4c 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 63 6c 69 63 6b 20 55 52 4c 20 6f 66 20 74 68 65 20 73 70 6f 6e 73 6f 72 65 64 20 74 6f 70 20 73 69 74 65 2e 22 7d 2c 22 75 72 6c 5f 75 72 6c 62 61 72 5f 6f 76 65 72 72 69 64 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 75 72 6c 62 61 72 2d 73 70 65 63 69 66 69 63 20 55 52 4c 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 75 72 6c 62 61 72 2d 73 70 65 63 69 66 69 63
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: nt IDs.","uniqueItems":true},"sponsored_click_url":{"type":"string","title":"Sponsored click URL","description":"The click URL of the sponsored top site."},"url_urlbar_override":{"type":"string","title":"urlbar-specific URL","description":"urlbar-specific
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC789INData Raw: 6f 6e 73 22 2c 22 69 6e 63 6c 75 64 65 5f 65 78 70 65 72 69 6d 65 6e 74 73 22 2c 22 65 78 63 6c 75 64 65 5f 65 78 70 65 72 69 6d 65 6e 74 73 22 5d 2c 22 69 64 22 3a 22 74 6f 70 2d 73 69 74 65 73 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 35 32 39 36 30 37 39 33 38 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 33 31 33 36 36 36 35 36 34 32 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 37 38 65 35 65 36 35 30 2d 65 32 37 63 2d 34 38 35 63 2d 61 33 32 31 2d 66 31 65 61 33 64 31 36 31 63 33 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 33 31 33 36 36 36 35 36 34 32 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ons","include_experiments","exclude_experiments"],"id":"top-sites","last_modified":1733529607938,"bucket":"main"},"timestamp":1723136665642,"changes":[{"deleted":true,"id":"78e5e650-e27c-485c-a321-f1ea3d161c34","last_modified":1723136665642},{"deleted":tr


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                58192.168.2.74990034.107.243.934437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC604OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: push.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                                                                                                                                                                                                                Origin: wss://push.services.mozilla.com/
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Protocol: push-notification
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Key: cYyc88Q6gf/OTueMSZBSWQ==
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive, Upgrade
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC220INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 81
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 15:20:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:22 UTC81INData Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                59192.168.2.74990334.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:23 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/010cab1b-3626-48b5-9d6b-0e4dfe4db5fa HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:40 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 656
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:23 UTC656OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 9d 54 4d 6f db 30 0c fd 2f ba ae cc 24 5b fe ca 6d 87 1d 76 1a 90 76 d8 a5 80 21 4b 74 2a cc 91 3d 49 6e 13 14 fd ef a3 9c 36 19 96 a0 05 06 18 86 4d 3d 3d 3e 3d 92 7a 66 93 75 db d6 ba 7e 64 eb 67 16 f0 37 5b 0b 71 c3 42 54 3e b6 d1 ee 90 ad 59 c6 b3 1c 04 07 5e dc f1 7a 2d c5 27 2e d6 9c b3 1b 86 ce 7c 8c d9 4f e8 09 e3 62 48 19 76 76 8f 06 f4 e8 22 45 60 c0 47 1c 20 03 3f 0e 03 8c 73 04 8f 03 aa 80 20 44 9e d0 9d 57 4e 3f 10 7d da 40 a0 85 2f 7a 95 d6 e2 61 4a 89 9d dd 75 73 58 18 88 60 11 95 be 53 c2 6f 86 d6 8d 32 aa 2c b4 04 d5 e7 25 48 a5 7b e8 fa 42 40 d9 ab 5c a3 aa 34 7d b0 97 17 3a 32 fa 09 94 81 48 12 76 18 fd e1 c4 f9 81 90 7f 12 ea ac 96 52 f6 3d 54 c6 34 20 a5 aa a0 6e 94 04 6c 74 a6 84 cc 8d 2e 15 6d bf 2e 3f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: TMo0/$[mvv!Kt*=In6M==>=zfu~dg7[qBT>Y^z-'.|ObHvv"E`G ?s DWN?}@/zaJusX`So2,%H{B@\4}:2HvR=T4 nlt.m.?
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:24 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                60192.168.2.74990234.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:23 UTC416OUTGET /v1/buckets/main/collections/translations-models/changeset?_expected=1728419357989&_since=%221692284142841%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 166270
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 80
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 00:00:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 6e 61 6d 65 22 2c 22 76 65 72 73 69 6f 6e 22 2c 22 66 72 6f 6d 4c 61 6e 67 22 2c 22 74 6f 4c 61 6e 67 22 2c 22 66 69 6c 65 54 79 70 65 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 2c 22 6e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 6c 61 6e 67 75 61 67 65 20 6d 6f 64 65 6c 22 7d 2c 22 74 6f 4c 61 6e 67
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["name","version","fromLang","toLang","fileType"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the language model"},"toLang
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 72 30 77 34 6d 6d 33 35 33 6c 68 52 32 56 5a 65 30 61 30 55 49 66 37 67 48 45 42 48 52 6b 61 68 7a 73 65 78 6a 6f 45 47 47 6e 78 48 43 39 4a 39 47 4c 39 77 31 41 51 61 75 6e 4e 7a 39 45 54 35 36 42 32 76 7a 4d 51 5f 45 76 68 73 4e 44 56 78 43 70 61 79 31
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: -signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"r0w4mm353lhR2VZe0a0UIf7gHEBHRkahzsexjoEGGnxHC9J9GL9w1AQaunNz9ET56B2vzMQ_EvhsNDVxCpay1
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 38 64 33 39 39 63 36 62 32 33 34 34 34 64 65 33 36 64 37 36 65 39 65 32 36 33 30 63 37 30 32 34 63 32 39 64 39 65 36 31 37 33 32 33 62 38 32 30 61 31 31 36 33 31 35 33 35 61 22 2c 22 73 69 7a 65 22 3a 31 37 31 34 31 30 35 31 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 6d 6f 64 65 6c 2e 65 6e 65 6c 2e 69 6e 74 67 65 6d 6d 2e 61 6c 70 68 61 73 2e 62 69 6e 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 74 72 61 6e 73 6c 61 74 69 6f 6e 73 2d 6d 6f 64 65 6c 73 2f 32 36 64 65 61 64 39 31 2d 65 34 36 63 2d 34 34 32 63 2d 38 35 64 30 2d 61 36 66 65 31 33 66 61 64 35 35 61 2e 62 69 6e 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 7d 2c 22 66 69 6c 74 65 72 5f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 8d399c6b23444de36d76e9e2630c7024c29d9e617323b820a11631535a","size":17141051,"filename":"model.enel.intgemm.alphas.bin","location":"main-workspace/translations-models/26dead91-e46c-442c-85d0-a6fe13fad55a.bin","mimetype":"application/octet-stream"},"filter_
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 61 6e 67 22 3a 22 72 75 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 30 61 32 22 2c 22 66 69 6c 65 54 79 70 65 22 3a 22 76 6f 63 61 62 22 2c 22 66 72 6f 6d 4c 61 6e 67 22 3a 22 65 6e 22 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 35 36 65 65 36 33 65 31 34 65 38 63 62 39 32 36 63 33 39 34 32 34 32 61 64 63 33 65 64 37 63 63 36 30 32 36 34 34 63 33 64 33 33 30 35 38 63 66 66 32 63 65 32 39 35 39 64 35 32 61 36 32 35 38 22 2c 22 73 69 7a 65 22 3a 39 30 34 34 35 35 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 76 6f 63 61 62 2e 65 6e 72 75 2e 73 70 6d 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 74 72 61 6e 73 6c 61 74 69 6f 6e 73 2d 6d 6f 64 65 6c 73 2f 64 34 31 30 66 65 35 66 2d 33 66 35 64 2d 34
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ang":"ru","version":"1.0a2","fileType":"vocab","fromLang":"en","attachment":{"hash":"56ee63e14e8cb926c394242adc3ed7cc602644c3d33058cff2ce2959d52a6258","size":904455,"filename":"vocab.enru.spm","location":"main-workspace/translations-models/d410fe5f-3f5d-4
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 22 2c 22 69 64 22 3a 22 66 62 37 32 37 65 62 31 2d 36 38 34 61 2d 34 32 66 39 2d 38 63 37 30 2d 66 61 32 31 35 35 33 38 34 35 36 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 37 38 38 34 37 38 39 32 30 34 7d 2c 7b 22 6e 61 6d 65 22 3a 22 6d 6f 64 65 6c 2e 65 6e 72 6f 2e 69 6e 74 67 65 6d 6d 2e 61 6c 70 68 61 73 2e 62 69 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 37 38 31 38 33 35 39 37 33 30 2c 22 74 6f 4c 61 6e 67 22 3a 22 72 6f 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 30 22 2c 22 66 69 6c 65 54 79 70 65 22 3a 22 6d 6f 64 65 6c 22 2c 22 66 72 6f 6d 4c 61 6e 67 22 3a 22 65 6e 22 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 61 61 39 38 63 34 31 35 65 35 62 65 62 31 63 35 65 65 32 66 37 64 32 35 30 38 61 33
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ","id":"fb727eb1-684a-42f9-8c70-fa2155384567","last_modified":1727884789204},{"name":"model.enro.intgemm.alphas.bin","schema":1727818359730,"toLang":"ro","version":"1.0","fileType":"model","fromLang":"en","attachment":{"hash":"aa98c415e5beb1c5ee2f7d2508a3
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 38 32 2d 33 32 37 64 2d 34 61 62 30 2d 62 61 64 36 2d 31 37 65 37 36 33 31 65 63 31 36 33 2e 62 69 6e 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 7d 2c 22 66 69 6c 74 65 72 5f 65 78 70 72 65 73 73 69 6f 6e 22 3a 22 22 2c 22 69 64 22 3a 22 62 65 30 32 62 37 35 36 2d 37 63 65 61 2d 34 61 66 39 2d 62 31 65 31 2d 38 39 30 65 31 61 39 38 64 37 63 36 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 37 38 38 34 37 38 39 31 39 36 7d 2c 7b 22 6e 61 6d 65 22 3a 22 6c 65 78 2e 35 30 2e 35 30 2e 65 6e 69 64 2e 73 32 74 2e 62 69 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 37 38 31 38 33 35 35 34 32 34 2c 22 74 6f 4c 61 6e 67 22 3a 22 69 64 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 82-327d-4ab0-bad6-17e7631ec163.bin","mimetype":"application/octet-stream"},"filter_expression":"","id":"be02b756-7cea-4af9-b1e1-890e1a98d7c6","last_modified":1727884789196},{"name":"lex.50.50.enid.s2t.bin","schema":1727818355424,"toLang":"id","version":"1
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 74 72 61 6e 73 6c 61 74 69 6f 6e 73 2d 6d 6f 64 65 6c 73 2f 36 63 34 39 64 35 31 62 2d 31 36 37 62 2d 34 62 64 63 2d 61 61 62 38 2d 32 61 62 65 33 32 31 30 35 35 32 39 2e 73 70 6d 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 74 65 78 74 2f 70 6c 61 69 6e 22 7d 2c 22 66 69 6c 74 65 72 5f 65 78 70 72 65 73 73 69 6f 6e 22 3a 22 22 2c 22 69 64 22 3a 22 64 64 30 31 31 31 65 36 2d 35 62 63 34 2d 34 61 30 37 2d 39 66 65 63 2d 61 61 31 63 64 35 61 37 38 33 31 65 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 37 38 38 34 37 38 39 31 38 38 7d 2c 7b 22 6e 61 6d 65 22 3a 22 76 6f 63 61 62 2e 65 6e 63 73 2e 73 70 6d 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 37 38 31 38 33 33 39 35 34 36 2c 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ion":"main-workspace/translations-models/6c49d51b-167b-4bdc-aab8-2abe32105529.spm","mimetype":"text/plain"},"filter_expression":"","id":"dd0111e6-5bc4-4a07-9fec-aa1cd5a7831e","last_modified":1727884789188},{"name":"vocab.encs.spm","schema":1727818339546,"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 65 6e 61 6d 65 22 3a 22 6c 65 78 2e 35 30 2e 35 30 2e 65 6e 72 6f 2e 73 32 74 2e 62 69 6e 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 74 72 61 6e 73 6c 61 74 69 6f 6e 73 2d 6d 6f 64 65 6c 73 2f 63 33 38 61 30 63 65 63 2d 61 64 64 37 2d 34 64 36 62 2d 38 65 62 37 2d 37 34 35 33 32 37 62 30 63 62 66 39 2e 62 69 6e 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 7d 2c 22 66 69 6c 74 65 72 5f 65 78 70 72 65 73 73 69 6f 6e 22 3a 22 65 6e 76 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 27 64 65 66 61 75 6c 74 27 20 7c 7c 20 65 6e 76 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 27 6e 69 67 68 74 6c 79 27 22 2c 22 69 64 22 3a 22 64 35 37 65 33 39 32 37 2d 31 34 38 66 2d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ename":"lex.50.50.enro.s2t.bin","location":"main-workspace/translations-models/c38a0cec-add7-4d6b-8eb7-745327b0cbf9.bin","mimetype":"application/octet-stream"},"filter_expression":"env.channel == 'default' || env.channel == 'nightly'","id":"d57e3927-148f-
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 35 30 2e 65 6e 69 64 2e 73 32 74 2e 62 69 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 37 38 31 31 36 32 33 30 34 33 2c 22 74 6f 4c 61 6e 67 22 3a 22 69 64 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 30 61 31 22 2c 22 66 69 6c 65 54 79 70 65 22 3a 22 6c 65 78 22 2c 22 66 72 6f 6d 4c 61 6e 67 22 3a 22 65 6e 22 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 64 33 37 66 37 32 62 63 61 62 36 65 37 62 63 35 32 66 64 32 32 33 33 35 30 66 39 35 35 32 31 62 35 38 31 30 62 62 32 34 38 36 61 39 37 32 37 35 66 38 36 30 37 37 39 38 38 66 63 65 64 33 66 34 22 2c 22 73 69 7a 65 22 3a 33 35 31 35 34 32 38 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 6c 65 78 2e 35 30 2e 35 30 2e 65 6e 69 64 2e 73 32 74 2e 62 69 6e 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 50.enid.s2t.bin","schema":1727811623043,"toLang":"id","version":"1.0a1","fileType":"lex","fromLang":"en","attachment":{"hash":"d37f72bcab6e7bc52fd223350f95521b5810bb2486a97275f86077988fced3f4","size":3515428,"filename":"lex.50.50.enid.s2t.bin","location":
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:24 UTC1390INData Raw: 36 65 2d 35 39 31 64 65 61 30 36 39 39 30 36 2e 73 70 6d 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 74 65 78 74 2f 70 6c 61 69 6e 22 7d 2c 22 66 69 6c 74 65 72 5f 65 78 70 72 65 73 73 69 6f 6e 22 3a 22 65 6e 76 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 27 64 65 66 61 75 6c 74 27 20 7c 7c 20 65 6e 76 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 27 6e 69 67 68 74 6c 79 27 22 2c 22 69 64 22 3a 22 31 35 38 66 39 65 31 64 2d 31 35 61 37 2d 34 32 38 36 2d 39 31 64 61 2d 34 38 61 34 37 63 35 39 39 66 64 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 37 38 31 37 34 30 33 38 38 30 7d 2c 7b 22 6e 61 6d 65 22 3a 22 76 6f 63 61 62 2e 65 6e 63 73 2e 73 70 6d 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 37 38 31 31 36 31 33 31 39 36 2c 22 74 6f 4c 61 6e 67 22 3a 22 63
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 6e-591dea069906.spm","mimetype":"text/plain"},"filter_expression":"env.channel == 'default' || env.channel == 'nightly'","id":"158f9e1d-15a7-4286-91da-48a47c599fdf","last_modified":1727817403880},{"name":"vocab.encs.spm","schema":1727811613196,"toLang":"c


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                61192.168.2.74990934.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:26 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/7f0194d6-62d6-4174-a7ed-55ebc13aacb4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:42 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 643
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:26 UTC643OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff ad 54 cb 6e db 30 10 fc 17 5e 63 ba a4 44 bd 7c eb a1 87 9e 0a 38 29 7a 09 20 ac c8 95 43 54 a6 54 92 4a 62 04 fe f7 2e 65 d7 69 1b 03 05 82 02 82 2d ef ce 0c c7 bb 23 bd b0 c9 ba 5d 6b 5d 3f b2 cd 0b 0b f8 83 6d 64 b6 62 21 82 8f 6d b4 7b 64 1b 96 89 2c e7 52 70 51 dc 89 7a a3 e4 8d 90 1b 21 d8 8a a1 33 ff c6 3c 4f e8 09 e3 62 38 9d e0 27 0e 86 47 1c 70 8f d1 1f b8 1f 87 61 9c 63 6a 76 1e 9c 7e 20 35 3d ba 48 f5 85 1e 3d a4 5e 3c 4c e9 1c 67 f7 dd 1c 2e a4 e4 21 dd 27 fd cf 26 31 b3 5a 29 d5 f7 bc 32 a6 e1 4a 41 c5 eb 06 14 c7 46 67 20 55 6e 74 09 ec 78 5c b1 79 da 79 30 c8 c3 34 c6 c1 ee 1e e2 55 23 d1 23 c4 24 fe 0e 2b 75 d7 61 dd 23 59 a9 73 cd 55 d3 94 bc a9 4c c9 0b a9 a5 c2 ae cb e5 d9 8a 0e 8f dc ee a7 d1 93 07 1a 0b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Tn0^cD|8)z CTTJb.ei-#]k]?mdb!m{d,RpQz!3<Ob8'Gpacjv~ 5=H=^<Lg.!'&1Z)2JAFg Untx\yy04U##$+ua#YsUL
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:26 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                62192.168.2.74991034.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC428OUTGET /v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1732897509042&_since=%221694439985514%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC556INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 22883
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:19:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 69
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 07 Dec 2024 00:00:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC834INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 6e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 62 72 6f 77 73 65 72 20 28 65 2e 67 2e 20 43 68 72 6f 6d 65 2c 20 46 69 72 65 66 6f 78 20 66 6f 72 20 41 6e 64 72 6f 69 64 2c 20 5c 75 32 30 32 36 29 22 7d 2c 22 73 74 61 74 75 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 53 74 61 74 75 73 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 45 78 74 72 61 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 6f 6e 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"schema":{"type":"object","properties":{"name":{"type":"string","title":"Name","description":"The name of the browser (e.g. Chrome, Firefox for Android, \u2026)"},"status":{"type":"string","title":"Status","description":"Extra information on
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 69 67 6e 61 74 75 72 65 22 3a 22 58 4e 45 71 6f 33 59 68 4b 33 4a 56 43 73 64 68 43 52 36 55 35 74 51 39 77 30 45 72 72 54 61 31 73 30 73 79 42 67 4b 6a 5f 77 65 33 4a 72 73 44 48 62 6b 57 51 5f 75 42 48 44 77 6f 58 69 6a 66 4c 46 4b 6f 4d 52 33 56 6f 4a 36 6e 61 55 55 31 38 43 34 34 4a 55 50 7a 4b 4a 39 74 4b 31 57 54 59 6e 41 53 5a 6e 4e 30 46 66 4a 64 6f 47 61 54 75 62 6f 62 58 54 53 74 66 37 6d 5f 75 43 42 66 22 2c 22 73 69 67 6e 65 72 5f 69 64 22 3a 22 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 4d 48 59 77 45 41 59 48 4b 6f 5a 49 7a 6a 30 43 41 51 59 46 4b 34 45 45 41 43 49 44 59 67 41 45 50 6e 6e 4b 38 4b 36 69 47 47 50 43 32 64 6b 46 4b 44 71 66 79 55 78 64 6b 62 45 59 66 71 2b 61 34 59 50 33 45 77
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ignature":"XNEqo3YhK3JVCsdhCR6U5tQ9w0ErrTa1s0syBgKj_we3JrsDHbkWQ_uBHDwoXijfLFKoMR3VoJ6naUU18C44JUPzKJ9tK1WTYnASZnN0FfJdoGaTubobXTStf7m_uCBf","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPnnK8K6iGGPC2dkFKDqfyUxdkbEYfq+a4YP3Ew
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 36 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 32 38 39 37 35 30 39 30 33 31 7d 2c 7b 22 6e 61 6d 65 22 3a 22 46 69 72 65 66 6f 78 20 66 6f 72 20 41 6e 64 72 6f 69 64 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 33 32 36 36 35 39 30 37 39 39 35 2c 22 73 74 61 74 75 73 22 3a 22 63 75 72 72 65 6e 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 33 33 22 2c 22 62 72 6f 77 73 65 72 69 64 22 3a 22 66 69 72 65 66 6f 78 5f 61 6e 64 72 6f 69 64 22 2c 22 69 64 22 3a 22 61 64 32 31 33 31 63 63 2d 35 61 33 37 2d 34 36 64 66 2d 61 38 30 39 2d 61 36 36 34 63 36 35 35 64 66 62 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 32 38 39 37 35 30 39 30 32 38 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 66 65 30 63 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 6b","last_modified":1732897509031},{"name":"Firefox for Android","schema":1732665907995,"status":"current","version":"133","browserid":"firefox_android","id":"ad2131cc-5a37-46df-a809-a664c655dfb3","last_modified":1732897509028},{"deleted":true,"id":"fe0ca
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 30 22 2c 22 62 72 6f 77 73 65 72 69 64 22 3a 22 6e 6f 64 65 6a 73 22 2c 22 69 64 22 3a 22 37 39 34 61 31 30 38 33 2d 39 32 61 63 2d 34 65 65 33 2d 62 31 35 63 2d 35 62 63 37 62 65 62 39 61 37 62 38 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 37 38 35 38 38 33 32 31 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 63 32 38 64 66 61 63 37 2d 63 37 64 65 2d 34 65 32 30 2d 38 32 31 32 2d 61 62 63 37 63 30 64 65 36 33 35 61 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 37 38 35 38 38 33 31 38 7d 2c 7b 22 6e 61 6d 65 22 3a 22 57 65 62 56 69 65 77 20 41 6e 64 72 6f 69 64 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 33 31 31 31 30 37 30 34 36 30 36 2c 22 73 74 61 74 75 73 22 3a 22 70 6c 61 6e 6e 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0","browserid":"nodejs","id":"794a1083-92ac-4ee3-b15c-5bc7beb9a7b8","last_modified":1731478588321},{"deleted":true,"id":"c28dfac7-c7de-4e20-8212-abc7c0de635a","last_modified":1731478588318},{"name":"WebView Android","schema":1731110704606,"status":"planne
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 22 69 64 22 3a 22 36 62 35 31 30 61 31 31 2d 39 31 35 65 2d 34 32 32 66 2d 61 32 34 38 2d 31 30 61 30 62 30 39 38 62 66 64 38 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 33 39 37 35 34 37 34 31 33 7d 2c 7b 22 6e 61 6d 65 22 3a 22 57 65 62 56 69 65 77 20 41 6e 64 72 6f 69 64 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 33 31 31 31 30 37 30 34 34 37 30 2c 22 73 74 61 74 75 73 22 3a 22 62 65 74 61 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 33 32 22 2c 22 62 72 6f 77 73 65 72 69 64 22 3a 22 77 65 62 76 69 65 77 5f 61 6e 64 72 6f 69 64 22 2c 22 69 64 22 3a 22 32 65 64 30 35 37 35 64 2d 32 37 66 62 2d 34 30 66 30 2d 62 34 32 37 2d 65 38 37 64 32 30 36 63 65 61 64 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 33 39 37 35 34
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: "id":"6b510a11-915e-422f-a248-10a0b098bfd8","last_modified":1731397547413},{"name":"WebView Android","schema":1731110704470,"status":"beta","version":"132","browserid":"webview_android","id":"2ed0575d-27fb-40f0-b427-e87d206cead0","last_modified":173139754
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 61 74 75 73 22 3a 22 63 75 72 72 65 6e 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 33 31 22 2c 22 62 72 6f 77 73 65 72 69 64 22 3a 22 63 68 72 6f 6d 65 22 2c 22 69 64 22 3a 22 30 37 39 32 33 36 30 30 2d 34 36 39 35 2d 34 36 38 36 2d 38 36 64 33 2d 63 34 30 38 33 62 37 63 66 64 66 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 33 39 37 35 34 37 33 39 30 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 33 65 33 63 34 61 30 64 2d 63 66 61 65 2d 34 62 62 37 2d 61 34 30 64 2d 39 34 37 64 32 38 38 65 32 65 34 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 33 39 37 35 34 37 33 38 37 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 39 33 31 37 35 38 32 33 2d 64 66 32 35 2d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: atus":"current","version":"131","browserid":"chrome","id":"07923600-4695-4686-86d3-c4083b7cfdff","last_modified":1731397547390},{"deleted":true,"id":"3e3c4a0d-cfae-4bb7-a40d-947d288e2e40","last_modified":1731397547387},{"deleted":true,"id":"93175823-df25-
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 39 66 2d 34 30 30 34 2d 62 32 62 39 2d 35 65 66 39 30 32 33 63 66 39 36 36 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 32 37 31 36 36 35 32 36 30 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 66 32 65 39 30 62 34 35 2d 36 38 62 64 2d 34 61 31 63 2d 38 34 37 30 2d 36 64 35 63 38 64 39 33 34 65 31 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 32 37 31 36 36 35 32 35 38 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 31 32 63 32 62 61 31 31 2d 30 37 39 66 2d 34 33 39 66 2d 62 33 32 36 2d 33 33 35 30 66 37 39 39 39 62 33 38 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 30 32 37 31 36 36 35 32 35 36 7d 2c 7b 22 6e 61 6d 65 22 3a 22 57 65 62 56 69 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 9f-4004-b2b9-5ef9023cf966","last_modified":1730271665260},{"deleted":true,"id":"f2e90b45-68bd-4a1c-8470-6d5c8d934e14","last_modified":1730271665258},{"deleted":true,"id":"12c2ba11-079f-439f-b326-3350f7999b38","last_modified":1730271665256},{"name":"WebVie
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 39 35 30 34 36 30 30 37 35 36 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 34 34 63 31 37 36 34 30 2d 36 34 66 33 2d 34 38 36 64 2d 62 64 66 66 2d 30 64 63 63 37 66 34 61 33 37 31 39 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 36 38 31 36 30 32 33 34 33 39 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 33 35 63 32 31 66 30 32 2d 39 34 35 37 2d 34 39 62 62 2d 62 61 33 63 2d 33 61 32 32 61 65 39 31 36 32 65 63 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 36 38 31 36 30 32 33 34 33 35 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 31 61 38 36 64 31 37 38 2d 33 39 35 31 2d 34 65 34 32 2d 62 30 64 39 2d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: t_modified":1729504600756},{"deleted":true,"id":"44c17640-64f3-486d-bdff-0dcc7f4a3719","last_modified":1726816023439},{"deleted":true,"id":"35c21f02-9457-49bb-ba3c-3a22ae9162ec","last_modified":1726816023435},{"deleted":true,"id":"1a86d178-3951-4e42-b0d9-
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 38 30 2d 62 37 37 35 2d 36 66 63 62 37 64 33 31 33 34 64 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 36 36 33 39 31 34 38 30 35 39 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 35 39 37 62 39 66 33 37 2d 30 66 36 38 2d 34 64 34 65 2d 61 38 36 63 2d 33 66 30 36 33 66 63 39 37 30 34 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 36 36 33 39 31 34 38 30 35 37 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 37 31 30 33 37 30 36 66 2d 37 31 62 65 2d 34 61 32 37 2d 61 66 65 61 2d 35 35 65 65 32 62 38 30 38 35 66 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 36 36 33 39 31 34 38 30 35 34 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 80-b775-6fcb7d3134db","last_modified":1726639148059},{"deleted":true,"id":"597b9f37-0f68-4d4e-a86c-3f063fc9704b","last_modified":1726639148057},{"deleted":true,"id":"7103706f-71be-4a27-afea-55ee2b8085f4","last_modified":1726639148054},{"deleted":true,"id"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:27 UTC1390INData Raw: 32 64 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 33 36 32 38 35 30 33 38 30 31 7d 2c 7b 22 6e 61 6d 65 22 3a 22 46 69 72 65 66 6f 78 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 33 35 39 33 39 30 33 37 35 33 2c 22 73 74 61 74 75 73 22 3a 22 65 73 72 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 32 38 22 2c 22 62 72 6f 77 73 65 72 69 64 22 3a 22 66 69 72 65 66 6f 78 22 2c 22 69 64 22 3a 22 35 36 35 31 36 31 64 63 2d 35 32 64 38 2d 34 63 62 31 2d 38 63 66 33 2d 38 31 37 31 62 39 36 30 66 39 65 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 33 36 32 38 35 30 33 37 39 38 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 63 38 62 66 34 39 31 38 2d 30 33 62 37 2d 34 62 65 32 2d 62 66 37 35 2d 34 64 36 31 33
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 2d","last_modified":1723628503801},{"name":"Firefox","schema":1723593903753,"status":"esr","version":"128","browserid":"firefox","id":"565161dc-52d8-4cb1-8cf3-8171b960f9e4","last_modified":1723628503798},{"deleted":true,"id":"c8bf4918-03b7-4be2-bf75-4d613


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                63192.168.2.74991534.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:28 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/5e0297e1-aa9b-4634-aaf1-cfd1f718b993 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 658
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:28 UTC658OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 54 4d 6f db 30 0c fd 2f ba 2e cc 24 5b fe ca 6d 87 1d 76 1a 90 76 d8 a5 80 21 4b 74 2a cc 91 3d 49 6e 1b 14 fd ef a3 9c b4 29 da ac 05 8c c4 16 1f c9 a7 a7 47 3d b2 c9 ba 5d 6b 5d 3f b2 cd 23 0b f8 97 6d 44 be 62 21 2a 1f db 68 f7 c8 36 2c e3 59 0e 82 03 2f ae 79 bd 91 e2 0b 17 1b ce d9 8a a1 33 9f 63 1e 26 f4 84 71 31 1c 3b f8 09 94 81 88 03 ee 31 fa 03 f8 71 18 c6 39 a6 60 e7 95 d3 b7 54 4d 8f 2e d2 fa 92 1e bd 4a b1 78 98 52 1f 67 f7 dd 1c 5e 92 12 87 f4 9e ea ff 30 29 33 ab a5 94 7d 0f 95 31 0d 48 a9 2a a8 1b 25 01 1b 9d 29 21 73 a3 4b c5 9e 9e 56 6c 9e 76 5e 19 84 30 8d 71 b0 bb db 78 91 48 f4 a8 62 2a fe 9a ca 9b 96 75 d7 61 dd 23 b5 ac 73 0d b2 69 4a 68 2a 53 42 21 b4 90 d8 75 b9 a0 96 ab ff 6c 20 51 d9 db 07 34 90
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: TMo0/.$[mvv!Kt*=In)G=]k]?#mDb!*h6,Y/y3c&q1;1q9`TM.JxRg^0)3}1H*%)!sKVlv^0qxHb*ua#siJh*SB!ul Q4
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:29 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                64192.168.2.74991934.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:29 UTC423OUTGET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1733519120578&_since=%221696457593430%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC559INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 590841
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:50:30 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Fri, 06 Dec 2024 21:05:20 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 1800
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC831INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 66 6c 61 67 73 22 3a 5b 22 73 74 61 72 74 75 70 22 5d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 32 78 6e 6f 6c 36 7a 73 6e 32 72 6e 74 33 71 61 63 77 71 71 31 71 65 71 76 78 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"flags":["startup"],"signature":{"ref":"2xnol6zsn2rnt3qacwqq1qeqvx","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignature
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 6e 65 77 2d 74 61 62 2d 72 65 67 69 6f 6e 2d 73 70 65 63 69 66 69 63 2d 63 6f 6e 74 65 6e 74 2d 65 78 70 61 6e 73 69 6f 6e 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 35 31 39 31 30 35 31 39 39 7d 2c 7b 22 73 6c 75 67 22 3a 22 73 65 74 2d 74 6f 2d 64 65 66 61 75 6c 74 2d 70 72 6f 6d 70 74 2d 73 74 79 6c 65 2d 73 70 6f 74 6c 69 67 68 74 22 2c 22 61 70 70 49 64 22 3a 22 66 69 72 65 66 6f 78 2d 64 65 73 6b 74 6f 70 22 2c 22 61 70 70 4e 61 6d 65 22 3a 22 66 69 72 65 66 6f 78 5f 64 65 73 6b 74 6f 70 22 2c 22 63 68 61 6e 6e 65 6c 22 3a 22 62 65 74 61 22 2c 22 65 6e 64 44 61 74 65 22 3a 6e 75 6c 6c 2c 22 6c 6f 63 61 6c 65 73 22 3a 5b 22 65 6e 2d 47 42 22 2c 22 65 6e 2d 43 41 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: "deleted":true,"id":"new-tab-region-specific-content-expansion","last_modified":1733519105199},{"slug":"set-to-default-prompt-style-spotlight","appId":"firefox-desktop","appName":"firefox_desktop","channel":"beta","endDate":null,"locales":["en-GB","en-CA"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 74 20 62 72 6f 77 73 65 72 20 61 6e 64 20 6b 65 65 70 20 69 74 20 69 6e 20 79 6f 75 72 20 44 6f 63 6b 2e 22 2c 22 66 6f 6e 74 53 69 7a 65 22 3a 22 31 33 70 78 22 7d 2c 22 74 69 74 6c 65 5f 6c 6f 67 6f 22 3a 7b 22 77 69 64 74 68 22 3a 22 31 36 70 78 22 2c 22 68 65 69 67 68 74 22 3a 22 31 36 70 78 22 2c 22 69 6d 61 67 65 55 52 4c 22 3a 22 63 68 72 6f 6d 65 3a 2f 2f 62 72 61 6e 64 69 6e 67 2f 63 6f 6e 74 65 6e 74 2f 61 62 6f 75 74 2d 6c 6f 67 6f 2e 70 6e 67 22 7d 2c 22 70 72 69 6d 61 72 79 5f 62 75 74 74 6f 6e 22 3a 7b 22 6c 61 62 65 6c 22 3a 7b 22 72 61 77 22 3a 22 53 65 74 20 61 73 20 70 72 69 6d 61 72 79 20 62 72 6f 77 73 65 72 22 7d 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 64 61 74 61 22 3a 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 50 49
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: t browser and keep it in your Dock.","fontSize":"13px"},"title_logo":{"width":"16px","height":"16px","imageURL":"chrome://branding/content/about-logo.png"},"primary_button":{"label":{"raw":"Set as primary browser"},"action":{"data":{"actions":[{"type":"PI
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 65 55 52 4c 22 3a 22 63 68 72 6f 6d 65 3a 2f 2f 62 72 61 6e 64 69 6e 67 2f 63 6f 6e 74 65 6e 74 2f 61 62 6f 75 74 2d 6c 6f 67 6f 2e 70 6e 67 22 7d 2c 22 70 72 69 6d 61 72 79 5f 62 75 74 74 6f 6e 22 3a 7b 22 6c 61 62 65 6c 22 3a 7b 22 72 61 77 22 3a 22 4e 6f 74 20 6e 6f 77 22 7d 2c 22 73 74 79 6c 65 22 3a 22 73 65 63 6f 6e 64 61 72 79 22 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 64 61 74 61 22 3a 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 5d 7d 2c 22 74 79 70 65 22 3a 22 4d 55 4c 54 49 5f 41 43 54 49 4f 4e 22 2c 22 64 69 73 6d 69 73 73 22 3a 74 72 75 65 2c 22 63 6f 6c 6c 65 63 74 53 65 6c 65 63 74 22 3a 74 72 75 65 7d 7d 2c 22 61 64 64 69 74 69 6f 6e 61 6c 5f 62 75 74 74 6f 6e 22 3a 7b 22 6c 61 62 65 6c 22 3a 7b 22 72 61 77 22 3a 22 53 65 74 20 61 73 20 70 72 69 6d 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: eURL":"chrome://branding/content/about-logo.png"},"primary_button":{"label":{"raw":"Not now"},"style":"secondary","action":{"data":{"actions":[]},"type":"MULTI_ACTION","dismiss":true,"collectSelect":true}},"additional_button":{"label":{"raw":"Set as prima
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 69 6d 61 72 79 5f 62 75 74 74 6f 6e 22 3a 7b 22 6c 61 62 65 6c 22 3a 7b 22 72 61 77 22 3a 22 4e 6f 74 20 6e 6f 77 22 7d 2c 22 73 74 79 6c 65 22 3a 22 73 65 63 6f 6e 64 61 72 79 22 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 64 61 74 61 22 3a 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 5d 7d 2c 22 74 79 70 65 22 3a 22 4d 55 4c 54 49 5f 41 43 54 49 4f 4e 22 2c 22 64 69 73 6d 69 73 73 22 3a 74 72 75 65 2c 22 63 6f 6c 6c 65 63 74 53 65 6c 65 63 74 22 3a 74 72 75 65 7d 7d 2c 22 61 64 64 69 74 69 6f 6e 61 6c 5f 62 75 74 74 6f 6e 22 3a 7b 22 6c 61 62 65 6c 22 3a 7b 22 72 61 77 22 3a 22 53 65 74 20 61 73 20 70 72 69 6d 61 72 79 20 62 72 6f 77 73 65 72 22 7d 2c 22 73 74 79 6c 65 22 3a 22 70 72 69 6d 61 72 79 22 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 64 61 74 61 22 3a 7b 22 61 63 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: imary_button":{"label":{"raw":"Not now"},"style":"secondary","action":{"data":{"actions":[]},"type":"MULTI_ACTION","dismiss":true,"collectSelect":true}},"additional_button":{"label":{"raw":"Set as primary browser"},"style":"primary","action":{"data":{"act
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 5f 54 4f 5f 53 54 41 52 54 5f 4d 45 4e 55 22 7d 5d 7d 2c 22 74 79 70 65 22 3a 22 4d 55 4c 54 49 5f 41 43 54 49 4f 4e 22 2c 22 64 69 73 6d 69 73 73 22 3a 74 72 75 65 2c 22 63 6f 6c 6c 65 63 74 53 65 6c 65 63 74 22 3a 74 72 75 65 7d 7d 2c 22 61 64 64 69 74 69 6f 6e 61 6c 5f 62 75 74 74 6f 6e 22 3a 7b 22 6c 61 62 65 6c 22 3a 7b 22 72 61 77 22 3a 22 4e 6f 74 20 6e 6f 77 22 7d 2c 22 73 74 79 6c 65 22 3a 22 73 65 63 6f 6e 64 61 72 79 22 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 64 61 74 61 22 3a 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 5d 7d 2c 22 74 79 70 65 22 3a 22 4d 55 4c 54 49 5f 41 43 54 49 4f 4e 22 2c 22 64 69 73 6d 69 73 73 22 3a 74 72 75 65 2c 22 63 6f 6c 6c 65 63 74 53 65 6c 65 63 74 22 3a 74 72 75 65 7d 7d 2c 22 69 73 53 79 73 74 65 6d 50 72 6f 6d 70 74 53 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: _TO_START_MENU"}]},"type":"MULTI_ACTION","dismiss":true,"collectSelect":true}},"additional_button":{"label":{"raw":"Not now"},"style":"secondary","action":{"data":{"actions":[]},"type":"MULTI_ACTION","dismiss":true,"collectSelect":true}},"isSystemPromptSt
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 6f 6e 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 53 45 54 5f 44 45 46 41 55 4c 54 5f 42 52 4f 57 53 45 52 22 7d 2c 7b 22 74 79 70 65 22 3a 22 50 49 4e 5f 46 49 52 45 46 4f 58 5f 54 4f 5f 53 54 41 52 54 5f 4d 45 4e 55 22 7d 5d 7d 2c 22 74 79 70 65 22 3a 22 4d 55 4c 54 49 5f 41 43 54 49 4f 4e 22 2c 22 64 69 73 6d 69 73 73 22 3a 74 72 75 65 2c 22 63 6f 6c 6c 65 63 74 53 65 6c 65 63 74 22 3a 74 72 75 65 7d 7d 2c 22 69 73 53 79 73 74 65 6d 50 72 6f 6d 70 74 53 74 79 6c 65 53 70 6f 74 6c 69 67 68 74 22 3a 74 72 75 65 7d 2c 22 74 61 72 67 65 74 69 6e 67 22 3a 22 21 64 6f 65 73 41 70 70 4e 65 65 64 50 69 6e 20 26 26 20 70 6c 61 74 66 6f 72 6d 4e 61 6d 65 20 21 3d 20 27 6d 61 63 6f 73 78 27 22 2c 22 66 6f 72 63 65 5f 68 69 64 65 5f 73 74 65 70 73 5f 69 6e 64 69 63 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ons":[{"type":"SET_DEFAULT_BROWSER"},{"type":"PIN_FIREFOX_TO_START_MENU"}]},"type":"MULTI_ACTION","dismiss":true,"collectSelect":true}},"isSystemPromptStyleSpotlight":true},"targeting":"!doesAppNeedPin && platformName != 'macosx'","force_hide_steps_indica
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 66 69 65 64 22 3a 31 37 33 33 35 30 33 33 31 37 32 31 39 7d 2c 7b 22 73 6c 75 67 22 3a 22 70 65 72 66 6f 72 6d 61 6e 63 65 2d 6d 65 74 72 69 63 2d 63 61 6c 69 62 72 61 74 69 6f 6e 2d 62 65 74 61 2d 64 65 63 2d 32 30 32 34 22 2c 22 61 70 70 49 64 22 3a 22 66 69 72 65 66 6f 78 2d 64 65 73 6b 74 6f 70 22 2c 22 61 70 70 4e 61 6d 65 22 3a 22 66 69 72 65 66 6f 78 5f 64 65 73 6b 74 6f 70 22 2c 22 63 68 61 6e 6e 65 6c 22 3a 22 62 65 74 61 22 2c 22 65 6e 64 44 61 74 65 22 3a 6e 75 6c 6c 2c 22 6c 6f 63 61 6c 65 73 22 3a 6e 75 6c 6c 2c 22 62 72 61 6e 63 68 65 73 22 3a 5b 7b 22 73 6c 75 67 22 3a 22 63 6f 6e 74 72 6f 6c 22 2c 22 72 61 74 69 6f 22 3a 31 2c 22 66 65 61 74 75 72 65 22 3a 7b 22 76 61 6c 75 65 22 3a 7b 7d 2c 22 65 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: fied":1733503317219},{"slug":"performance-metric-calibration-beta-dec-2024","appId":"firefox-desktop","appName":"firefox_desktop","channel":"beta","endDate":null,"locales":null,"branches":[{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 72 6b 69 6e 67 22 5d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 3a 22 66 69 72 65 66 6f 78 2d 64 65 73 6b 74 6f 70 22 2c 22 62 75 63 6b 65 74 43 6f 6e 66 69 67 22 3a 7b 22 63 6f 75 6e 74 22 3a 31 30 30 30 30 2c 22 73 74 61 72 74 22 3a 30 2c 22 74 6f 74 61 6c 22 3a 31 30 30 30 30 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 66 69 72 65 66 6f 78 2d 64 65 73 6b 74 6f 70 2d 6e 65 74 77 6f 72 6b 69 6e 67 2d 62 65 74 61 2d 37 22 2c 22 72 61 6e 64 6f 6d 69 7a 61 74 69 6f 6e 55 6e 69 74 22 3a 22 6e 6f 72 6d 61 6e 64 79 5f 69 64 22 7d 2c 22 6c 6f 63 61 6c 69 7a 61 74 69 6f 6e 73 22 3a 6e 75 6c 6c 2c 22 70 75 62 6c 69 73 68 65 64 44 61 74 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 39 54 31 37 3a 30 33 3a 30 33 2e 38 39 39 36 37 38 5a 22 2c 22 73 63 68 65 6d 61 56 65 72 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: rking"],"application":"firefox-desktop","bucketConfig":{"count":10000,"start":0,"total":10000,"namespace":"firefox-desktop-networking-beta-7","randomizationUnit":"normandy_id"},"localizations":null,"publishedDate":"2024-11-29T17:03:03.899678Z","schemaVers
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC1390INData Raw: 66 65 74 63 68 50 72 69 6f 72 69 74 79 22 3a 74 72 75 65 7d 2c 22 65 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 49 64 22 3a 22 6e 65 74 77 6f 72 6b 50 72 69 6f 72 69 74 69 7a 61 74 69 6f 6e 22 7d 5d 2c 22 66 69 72 65 66 6f 78 4c 61 62 73 54 69 74 6c 65 22 3a 6e 75 6c 6c 7d 5d 2c 22 6f 75 74 63 6f 6d 65 73 22 3a 5b 7b 22 73 6c 75 67 22 3a 22 70 61 67 65 5f 6c 6f 61 64 5f 70 65 72 66 6f 72 6d 61 6e 63 65 5f 6d 69 6e 69 6d 61 6c 22 2c 22 70 72 69 6f 72 69 74 79 22 3a 22 70 72 69 6d 61 72 79 22 7d 2c 7b 22 73 6c 75 67 22 3a 22 6e 65 74 77 6f 72 6b 69 6e 67 5f 70 65 72 66 6f 72 6d 61 6e 63 65 22 2c 22 70 72 69 6f 72 69 74 79 22 3a 22 70 72 69 6d 61 72 79 22 7d 5d 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 7b 7d 2c 22 69 73 52 6f 6c 6c 6f 75 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: fetchPriority":true},"enabled":true,"featureId":"networkPrioritization"}],"firefoxLabsTitle":null}],"outcomes":[{"slug":"page_load_performance_minimal","priority":"primary"},{"slug":"networking_performance","priority":"primary"}],"arguments":{},"isRollout


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                65192.168.2.74992134.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/7a27ea16-e265-40c0-823c-0125abf7d855 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 665
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:30 UTC665OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 9d 54 cb 6e db 30 10 fc 17 5d e3 75 49 89 7a f9 96 43 50 f4 d0 16 88 53 f4 12 40 a0 c8 95 43 54 a6 54 92 4a 62 04 f9 f7 2e 65 c7 0e 6a a3 45 0b 08 7e 70 67 67 87 a3 21 5f 92 d1 d8 4d 63 6c 37 24 ab 97 c4 e3 cf 64 c5 c5 22 f1 41 ba d0 04 b3 c5 64 95 a4 2c cd 80 33 60 f9 1d ab 56 82 5f 31 be 62 2c 59 24 68 f5 df 31 cf 23 3a c2 d8 e0 f7 13 dc 08 52 43 c0 1e b7 18 dc 0e dc d0 f7 c3 14 62 b1 75 d2 aa 07 62 53 83 0d b4 3e b7 07 27 63 0d 6d 04 46 9e 4f 3a 22 d2 4a 08 d1 75 50 6a 5d 83 10 b2 84 aa 96 02 b0 56 a9 e4 22 d3 aa 90 d4 1e 76 63 54 67 cd b6 9d fc 71 d4 eb eb 22 99 c6 8d 93 1a c1 8f 43 e8 cd e6 21 5c 14 12 1c ca 10 87 be 97 72 99 74 f1 bb c4 aa 6d b1 ea 90 24 56 99 02 51 d7 05 d4 a5 2e 20 e7 8a 0b 6c db 8c 93 c4 28 65 6b 9e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Tn0]uIzCPS@CTTJb.ejE~pgg!_Mcl7$d"Ad,3`V_1b,Y$h1#:RCbubS>'cmFO:"JuPj]V"vcTgq"C!\rtm$VQ. l(ek
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:31 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                66192.168.2.74992534.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:32 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/6c257ec7-9ee7-4e42-91a6-7d3b50c23b76 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 665
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:32 UTC665OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 9d 54 4d 6f db 30 0c fd 2f be 36 cc 24 5b fe ca ad 87 62 d8 61 1b d0 74 d8 a5 80 21 4b 74 2a cc 91 3d 49 6e 1b 14 fd ef a3 9c 34 19 da ac 05 06 18 86 4d 3d 3e 3e 91 4f 7a 4a 46 63 37 8d b1 dd 90 ac 9e 12 8f bf 93 15 cf 17 89 0f d2 85 26 98 2d 26 ab 24 65 69 06 9c 01 cb 6f 58 b5 12 fc 82 f1 15 63 c9 22 41 ab 3f c6 3c 8e e8 08 63 83 df 57 70 23 48 0d 01 7b dc 62 70 3b 70 43 df 0f 53 88 8b ad 93 56 dd 11 9b 1a 6c a0 f8 9c 1e 9c 8c 6b 68 23 30 f2 7c d1 11 91 56 42 88 ae 83 52 eb 1a 84 90 25 54 b5 14 80 b5 4a 25 17 99 56 85 a4 f4 b0 1b a3 3a 6b b6 ed e4 8f a5 9e 9f 17 c9 d6 3c a2 86 58 88 28 a1 c7 7b ec 21 9d 11 40 10 70 a4 4f 7a 04 ce b3 8f 94 9d af b1 78 ad 58 4b 2d 8b 5c 09 90 5d 56 80 90 aa 83 b6 cb 39 14 9d cc 14 ca 52 d1 c7
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: TMo0/6$[bat!Kt*=In4M=>>OzJFc7&-&$eioXc"A?<cWp#H{bp;pCSVlkh#0|VBR%TJ%V:k<X({!@pOzxXK-\]V9R
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:33 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                67192.168.2.74993234.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:34 UTC400OUTGET /v1/buckets/main/collections/cfr/changeset?_expected=1733413822366&_since=%221689971565076%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 14065
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:30:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2996
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 15:50:22 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 66 6c 61 67 73 22 3a 5b 22 73 74 61 72 74 75 70 22 5d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 33 30 73 77 75 31 31 66 74 75 75 69 69 31 73 69 65 62 71 6a 35 35 78 38 74 6f 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"flags":["startup"],"signature":{"ref":"30swu11ftuuii1siebqj55x8to","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignature
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 32 37 32 30 30 30 30 30 7d 7d 2c 22 62 75 63 6b 65 74 5f 69 64 22 3a 22 57 4e 50 5f 4d 4f 4d 45 4e 54 53 5f 32 32 22 7d 2c 22 74 72 69 67 67 65 72 22 3a 7b 22 69 64 22 3a 22 6d 6f 6d 65 6e 74 73 55 70 64 61 74 65 22 7d 2c 22 74 65 6d 70 6c 61 74 65 22 3a 22 75 70 64 61 74 65 5f 61 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74 69 6e 67 22 3a 22 28 28 62 72 6f 77 73 65 72 53 65 74 74 69 6e 67 73 2e 75 70 64 61 74 65 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 27 65 73 72 27 20 26 26 20 76 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 27 31 30 32 27 29 20 3e 3d 20 30 20 26 26 20 76 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 27 31 31 35 2e 31 33 2e 30 65 73 72 27 29 20 3c 20 30 29 29 20 7c 7c 20 28 28 62 72 6f 77 73 65 72 53 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 27200000}},"bucket_id":"WNP_MOMENTS_22"},"trigger":{"id":"momentsUpdate"},"template":"update_action","targeting":"((browserSettings.update.channel == 'esr' && version|versionCompare('102') >= 0 && version|versionCompare('115.13.0esr') < 0)) || ((browserSe
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 27 2c 20 27 65 73 2d 41 52 27 2c 20 27 69 74 27 2c 20 27 69 73 27 2c 20 27 63 73 27 2c 20 27 65 73 2d 4d 58 27 2c 20 27 69 61 27 2c 20 27 72 75 27 2c 20 27 68 73 62 27 2c 20 27 7a 68 2d 43 4e 27 2c 20 27 75 6b 27 2c 20 27 70 74 2d 50 54 27 2c 20 27 7a 68 2d 54 57 27 2c 20 27 70 74 2d 42 52 27 2c 20 27 68 75 27 2c 20 27 6e 6c 27 2c 20 27 64 65 27 2c 20 27 6b 6f 27 2c 20 27 66 69 27 2c 20 27 65 6f 27 2c 20 27 66 72 27 2c 20 27 73 76 2d 53 45 27 2c 20 27 63 79 27 2c 20 27 65 75 27 2c 20 27 72 6d 27 2c 20 27 64 73 62 27 2c 20 27 74 68 27 2c 20 27 74 72 27 2c 20 27 70 61 2d 49 4e 27 2c 20 27 66 75 72 27 2c 20 27 67 6e 27 2c 20 27 68 72 27 2c 20 27 69 64 27 2c 20 27 6e 62 2d 4e 4f 27 2c 20 27 6e 6e 2d 4e 4f 27 2c 20 27 73 61 74 27 2c 20 27 73 63 27 2c 20 27 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ', 'es-AR', 'it', 'is', 'cs', 'es-MX', 'ia', 'ru', 'hsb', 'zh-CN', 'uk', 'pt-PT', 'zh-TW', 'pt-BR', 'hu', 'nl', 'de', 'ko', 'fi', 'eo', 'fr', 'sv-SE', 'cy', 'eu', 'rm', 'dsb', 'th', 'tr', 'pa-IN', 'fur', 'gn', 'hr', 'id', 'nb-NO', 'nn-NO', 'sat', 'sc', 's
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 20 27 68 73 62 27 2c 20 27 7a 68 2d 43 4e 27 2c 20 27 75 6b 27 2c 20 27 70 74 2d 50 54 27 2c 20 27 7a 68 2d 54 57 27 2c 20 27 70 74 2d 42 52 27 2c 20 27 68 75 27 2c 20 27 6e 6c 27 2c 20 27 64 65 27 2c 20 27 6b 6f 27 2c 20 27 66 69 27 2c 20 27 65 6f 27 2c 20 27 66 72 27 2c 20 27 73 76 2d 53 45 27 2c 20 27 63 79 27 2c 20 27 65 75 27 2c 20 27 72 6d 27 2c 20 27 64 73 62 27 2c 20 27 74 68 27 2c 20 27 74 72 27 2c 20 27 70 61 2d 49 4e 27 2c 20 27 66 75 72 27 2c 20 27 67 6e 27 2c 20 27 68 72 27 2c 20 27 69 64 27 2c 20 27 6e 62 2d 4e 4f 27 2c 20 27 6e 6e 2d 4e 4f 27 2c 20 27 73 61 74 27 2c 20 27 73 63 27 2c 20 27 73 6b 72 27 2c 20 27 73 72 27 5d 29 20 26 26 20 62 72 6f 77 73 65 72 53 65 74 74 69 6e 67 73 2e 75 70 64 61 74 65 2e 63 68 61 6e 6e 65 6c 20 21 3d 20 27
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 'hsb', 'zh-CN', 'uk', 'pt-PT', 'zh-TW', 'pt-BR', 'hu', 'nl', 'de', 'ko', 'fi', 'eo', 'fr', 'sv-SE', 'cy', 'eu', 'rm', 'dsb', 'th', 'tr', 'pa-IN', 'fur', 'gn', 'hr', 'id', 'nb-NO', 'nn-NO', 'sat', 'sc', 'skr', 'sr']) && browserSettings.update.channel != '
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 27 2c 20 27 74 68 27 2c 20 27 74 72 27 2c 20 27 70 61 2d 49 4e 27 2c 20 27 66 75 72 27 2c 20 27 67 6e 27 2c 20 27 68 72 27 2c 20 27 69 64 27 2c 20 27 6e 62 2d 4e 4f 27 2c 20 27 6e 6e 2d 4e 4f 27 2c 20 27 73 61 74 27 2c 20 27 73 63 27 2c 20 27 73 6b 72 27 2c 20 27 73 72 27 5d 29 20 26 26 20 62 72 6f 77 73 65 72 53 65 74 74 69 6e 67 73 2e 75 70 64 61 74 65 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 27 65 73 72 27 20 26 26 20 66 69 72 65 66 6f 78 56 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 38 38 29 20 3e 3d 20 30 20 26 26 20 66 69 72 65 66 6f 78 56 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 31 30 31 29 20 3c 3d 20 30 20 26 26 20 73 6f 75 72 63 65 20 3d 3d 20 27 6e 65 77 74 61 62 27 20 26 26 20 28 63 75 72 72 65 6e 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ', 'th', 'tr', 'pa-IN', 'fur', 'gn', 'hr', 'id', 'nb-NO', 'nn-NO', 'sat', 'sc', 'skr', 'sr']) && browserSettings.update.channel == 'esr' && firefoxVersion|versionCompare(88) >= 0 && firefoxVersion|versionCompare(101) <= 0 && source == 'newtab' && (current
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 30 30 29 20 3e 20 30 20 26 26 20 28 63 75 72 72 65 6e 74 44 61 74 65 7c 64 61 74 65 20 2d 20 31 37 33 36 39 34 32 34 30 30 30 30 30 29 20 3c 20 30 22 2c 22 69 64 22 3a 22 49 4e 46 4f 42 41 52 5f 52 4f 4f 54 43 41 5f 49 52 49 5f 49 57 49 5f 45 4e 5f 46 41 4c 4c 42 41 43 4b 5f 52 45 4c 45 41 53 45 5f 46 58 38 36 5f 46 58 38 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 33 33 35 34 32 38 31 33 31 7d 2c 7b 22 67 72 6f 75 70 73 22 3a 5b 22 63 66 72 22 5d 2c 22 77 65 69 67 68 74 22 3a 31 30 30 2c 22 63 6f 6e 74 65 6e 74 22 3a 7b 22 74 65 78 74 22 3a 7b 22 73 74 72 69 6e 67 5f 69 64 22 3a 22 72 6f 6f 74 2d 63 65 72 74 69 66 69 63 61 74 65 2d 73 75 63 63 65 73 73 69 6f 6e 2d 69 6e 66 6f 62 61 72 2d 6a 61 6e 75 61 72 79 2d 6d 65 73 73 61 67
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 00) > 0 && (currentDate|date - 1736942400000) < 0","id":"INFOBAR_ROOTCA_IRI_IWI_EN_FALLBACK_RELEASE_FX86_FX87","last_modified":1733335428131},{"groups":["cfr"],"weight":100,"content":{"text":{"string_id":"root-certificate-succession-infobar-january-messag
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 3a 5b 7b 22 6c 61 62 65 6c 22 3a 7b 22 73 74 72 69 6e 67 5f 69 64 22 3a 22 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 65 78 74 65 6e 73 69 6f 6e 2d 6c 65 61 72 6e 2d 6d 6f 72 65 2d 6c 69 6e 6b 22 7d 2c 22 73 75 70 70 6f 72 74 50 61 67 65 22 3a 22 72 6f 6f 74 2d 63 65 72 74 69 66 69 63 61 74 65 2d 65 78 70 69 72 61 74 69 6f 6e 22 7d 2c 7b 22 6c 61 62 65 6c 22 3a 7b 22 73 74 72 69 6e 67 5f 69 64 22 3a 22 63 66 72 2d 64 6f 6f 72 68 61 6e 67 65 72 2d 76 69 64 65 6f 2d 73 75 70 70 6f 72 74 2d 70 72 69 6d 61 72 79 2d 62 75 74 74 6f 6e 22 7d 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 64 61 74 61 22 3a 7b 22 61 72 67 73 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 66 69 72 65 66 6f 78 2f 64 6f 77 6e 6c 6f 61 64 2f 74 68 61 6e 6b 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :[{"label":{"string_id":"cfr-doorhanger-extension-learn-more-link"},"supportPage":"root-certificate-expiration"},{"label":{"string_id":"cfr-doorhanger-video-support-primary-button"},"action":{"data":{"args":"https://www.mozilla.org/firefox/download/thanks
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 65 64 20 74 6f 20 75 70 64 61 74 65 3f 22 2c 22 73 75 70 70 6f 72 74 50 61 67 65 22 3a 22 72 6f 6f 74 2d 63 65 72 74 69 66 69 63 61 74 65 2d 65 78 70 69 72 61 74 69 6f 6e 22 7d 2c 7b 22 6c 61 62 65 6c 22 3a 22 55 70 64 61 74 65 20 6e 6f 77 22 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 64 61 74 61 22 3a 7b 22 61 72 67 73 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 66 69 72 65 66 6f 78 2f 64 6f 77 6e 6c 6f 61 64 2f 74 68 61 6e 6b 73 2f 22 2c 22 77 68 65 72 65 22 3a 22 74 61 62 22 7d 2c 22 74 79 70 65 22 3a 22 4f 50 45 4e 5f 55 52 4c 22 7d 2c 22 70 72 69 6d 61 72 79 22 3a 74 72 75 65 7d 2c 7b 22 6c 61 62 65 6c 22 3a 22 4c 61 74 65 72 22 2c 22 61 63 74 69 6f 6e 22 3a 7b 22 74 79 70 65 22 3a 22 43 41 4e 43 45 4c 22 7d 7d 5d 2c 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ed to update?","supportPage":"root-certificate-expiration"},{"label":"Update now","action":{"data":{"args":"https://www.mozilla.org/firefox/download/thanks/","where":"tab"},"type":"OPEN_URL"},"primary":true},{"label":"Later","action":{"type":"CANCEL"}}],"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 31 37 33 33 33 33 35 34 32 38 31 31 37 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 44 45 56 5f 49 4e 46 4f 42 41 52 5f 52 4f 4f 54 43 41 5f 49 52 49 5f 49 57 49 5f 45 4e 5f 46 41 4c 4c 42 41 43 4b 5f 45 53 52 5f 46 58 39 31 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 33 33 35 34 32 38 31 31 36 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 44 45 56 5f 49 4e 46 4f 42 41 52 5f 52 4f 4f 54 43 41 5f 49 52 49 5f 49 57 49 5f 4e 4f 4e 45 4e 5f 45 53 52 5f 46 58 39 31 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 33 33 35 34 32 38 31 31 34 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 44 45 56 5f 49 4e 46 4f 42 41 52 5f 52 4f 4f 54 43 41 5f 49
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 1733335428117},{"deleted":true,"id":"DEV_INFOBAR_ROOTCA_IRI_IWI_EN_FALLBACK_ESR_FX91","last_modified":1733335428116},{"deleted":true,"id":"DEV_INFOBAR_ROOTCA_IRI_IWI_NONEN_ESR_FX91","last_modified":1733335428114},{"deleted":true,"id":"DEV_INFOBAR_ROOTCA_I
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC1390INData Raw: 37 33 36 34 32 34 30 30 30 30 30 30 29 20 3c 20 30 20 26 26 20 6c 6f 63 61 6c 65 4c 61 6e 67 75 61 67 65 43 6f 64 65 20 69 6e 20 5b 27 65 6e 27 2c 20 27 66 72 27 2c 20 27 72 75 27 2c 20 27 65 73 27 2c 20 27 7a 68 27 2c 20 27 64 65 27 2c 20 27 70 74 27 2c 20 27 70 6c 27 2c 20 27 69 74 27 2c 20 27 6a 61 27 2c 20 27 69 64 27 2c 20 27 68 75 27 2c 20 27 63 73 27 2c 20 27 61 72 27 2c 20 27 65 6c 27 5d 22 2c 22 69 64 22 3a 22 57 4e 50 5f 4d 4f 4d 45 4e 54 53 5f 32 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 32 33 30 37 31 37 39 33 30 32 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 44 45 56 5f 49 4e 46 4f 42 41 52 5f 52 4f 4f 54 43 41 5f 49 52 49 5f 49 57 49 5f 45 4e 5f 52 45 4c 45 41 53 45 5f 46 58 38 38 5f 46 58
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 736424000000) < 0 && localeLanguageCode in ['en', 'fr', 'ru', 'es', 'zh', 'de', 'pt', 'pl', 'it', 'ja', 'id', 'hu', 'cs', 'ar', 'el']","id":"WNP_MOMENTS_20","last_modified":1732307179302},{"deleted":true,"id":"DEV_INFOBAR_ROOTCA_IRI_IWI_EN_RELEASE_FX88_FX


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                68192.168.2.74993334.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/f5c2d345-4cad-4c1a-a51d-15d682036066 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 668
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC668OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 8d 54 4d 6f db 30 0c fd 2f ba b6 ca 24 5b fe ca ad 87 62 d8 61 1b d0 74 d8 a5 80 41 4b 74 2a cc 91 3d 49 ee 07 8a fe f7 51 4e 9b b5 6b d6 0d 30 02 81 e4 7b 7c 62 1e f5 c0 26 eb b6 ad 75 fd c8 d6 0f 2c e0 4f b6 96 e5 29 0b 11 7c 6c a3 dd 21 5b b3 4c 64 39 97 82 8b e2 52 d4 6b 25 4f 84 5c 0b c1 4e 19 3a f3 ef 9a bb 09 3d d5 b8 18 52 07 1d 6e b8 dd 4d a3 8f dc e3 80 10 90 fb 71 18 c6 39 a6 6c e7 c1 e9 6b a2 43 07 dd 80 fc 77 f5 c2 14 3d a4 aa 78 3f a5 96 ce ee ba 39 1c e0 49 4e 3a a7 56 9f 0c e5 8d 54 5a eb ac e7 22 cf 3b ae 1a 5d 71 c8 50 70 53 41 a6 2a cc 45 d6 4b f6 f8 78 ca 76 f6 0e 0d d7 a3 8b 04 e5 03 de e0 c0 b3 85 97 13 f1 41 a7 94 f9 2b 8d 09 40 45 2f 95 fd a9 00 0c 94 85 56 1c fa bc e4 0a 74 cf bb be 90 bc ec 21 d7 08
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: TMo0/$[batAKt*=IQNk0{|b&u,O)|l![Ld9Rk%O\N:=RnMq9lkCw=x?9IN:VTZ";]qPpSA*EKxvA+@E/Vt!
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:35 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:35 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                69192.168.2.74993834.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:36 UTC411OUTGET /v1/buckets/main/collections/message-groups/changeset?_expected=1718898145959&_since=%221670425599656%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:37 UTC556INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 919
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3436
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 00:00:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:37 UTC834INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 66 6c 61 67 73 22 3a 5b 22 73 74 61 72 74 75 70 22 5d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 32 38 30 34 6f 32 75 6a 71 7a 71 78 77 37 62 78 6d 70 77 79 6e 72 67 33 69 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"flags":["startup"],"signature":{"ref":"2804o2ujqzqxw7bxmpwynrg3i","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturep
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:37 UTC85INData Raw: 73 73 61 67 69 6e 67 2d 73 79 73 74 65 6d 2e 61 73 6b 46 6f 72 46 65 65 64 62 61 63 6b 22 5d 2c 22 69 64 22 3a 22 6d 69 63 72 6f 2d 73 75 72 76 65 79 73 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 31 38 38 39 38 31 34 35 39 35 39 7d 5d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ssaging-system.askForFeedback"],"id":"micro-surveys","last_modified":1718898145959}]}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                70192.168.2.74994034.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:37 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/2b167346-5f76-4c00-8f97-19cee0df0fba HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 663
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:37 UTC663OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 95 54 cb ae d3 30 10 fd 97 6c 61 8a 9d 38 af ee 58 20 c4 02 90 28 88 0d 52 34 b1 27 ad 45 ea 04 db b9 0f 5d dd 7f 67 9c fb 94 5a 15 21 45 51 32 9e 39 73 7c e6 71 97 cd d6 ed 3b eb 86 29 db de 65 81 fe 64 5b 59 bf cd 42 44 1f bb 68 8f 94 6d b3 5c e4 05 48 01 a2 fc 2e 9a ad 92 6f 84 dc 0a 91 bd cd c8 99 7f fb dc cc e4 d9 c7 c5 90 32 1c ed 0d 19 d0 93 8b 6c 81 91 ae 68 84 1c fc 34 8e 30 2d 11 3c 8d 84 81 40 ca 22 79 f7 1e 9d 3e 30 7c 0a 60 a7 15 2f 7a 4c 67 e4 52 54 02 fe 64 d8 c3 a0 c1 aa d4 0a 70 28 2a 50 a8 07 e8 87 52 42 35 60 a1 09 6b cd 1f 1c 1e 6f e7 44 d7 d9 63 bf 84 35 2f a7 cd ee ef f9 ca e4 67 40 03 91 29 1c 29 fa db e7 d3 ff 23 a2 f3 46 29 35 0c 50 1b d3 82 52 58 43 d3 a2 02 6a 75 8e 52 15 46 57 97 89 e8 70 05 f6 38
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: T0la8X (R4'E]gZ!EQ29s|q;)ed[YBDhm\H.o2lh40-<@"y>0|`/zLgRTdp(*PRB5`koDc5/g@))#F)5PRXCjuRFWp8
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:38 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:37 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                71192.168.2.74994134.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:38 UTC421OUTGET /v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1720004688246&_since=%221606870304609%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:39 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1523
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:42:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2275
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 00:00:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:39 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 70 61 74 74 65 72 6e 22 2c 22 66 65 61 74 75 72 65 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 66 65 61 74 75 72 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 46 65 61 74 75 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 57 68 69 63 68 20 66 65 61 74 75 72 65 20 74 68 69 73 20 65 6e 74 72 79 20 61 70 70 6c 69 65 73 20 74 6f 20 28 65 2e 67 2e 20 74 72 61 63 6b 69 6e 67 29 22 7d 2c 22 70 61 74 74 65 72 6e 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 50 61 74 74 65 72 6e 22 2c 22 64 65 73 63 72 69 70 74 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"schema":{"type":"object","required":["pattern","feature"],"properties":{"feature":{"type":"string","title":"Feature","description":"Which feature this entry applies to (e.g. tracking)"},"pattern":{"type":"string","title":"Pattern","descripti
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:39 UTC690INData Raw: 34 59 50 33 45 77 4e 6d 79 35 42 7a 6f 54 30 2f 59 2b 55 45 4e 37 6a 79 4d 76 4c 35 38 4c 68 33 58 55 55 65 65 70 65 62 53 6f 4d 67 66 75 59 50 51 46 30 4c 55 41 69 77 71 4c 58 54 37 56 67 58 2b 67 61 57 65 57 46 49 30 37 44 66 6c 6b 66 7a 50 4a 51 79 4f 45 32 46 59 6d 76 44 65 7a 36 72 22 7d 2c 22 64 69 73 70 6c 61 79 46 69 65 6c 64 73 22 3a 5b 22 70 61 74 74 65 72 6e 22 2c 22 66 65 61 74 75 72 65 22 5d 2c 22 69 64 22 3a 22 75 72 6c 2d 63 6c 61 73 73 69 66 69 65 72 2d 73 6b 69 70 2d 75 72 6c 73 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 33 35 36 38 31 32 32 35 32 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 30 30 30 34 36 38 38 32 34 36 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 4YP3EwNmy5BzoT0/Y+UEN7jyMvL58Lh3XUUeepebSoMgfuYPQF0LUAiwqLXT7VgX+gaWeWFI07DflkfzPJQyOE2FYmvDez6r"},"displayFields":["pattern","feature"],"id":"url-classifier-skip-urls","last_modified":1733356812252,"bucket":"main"},"timestamp":1720004688246,"changes":[{"


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                72192.168.2.74994634.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:39 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/c64980e6-c743-4793-ba4a-89f593d4eb16 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 667
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:39 UTC667OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 95 54 db 8e d3 30 10 fd 17 bf d2 29 76 e2 dc fa c6 03 42 3c 00 12 5d c4 cb 4a d1 c4 9e b4 16 a9 13 6c 67 2f 5a ed bf 63 a7 55 59 68 b5 08 29 8a 9c b9 9c 39 9e 39 93 27 36 19 bb 6b 8d ed 47 b6 79 62 9e 7e b2 8d a8 57 cc 07 74 a1 0d e6 40 6c c3 32 9e e5 20 38 f0 e2 86 d7 1b 29 de 70 b1 e1 9c ad 18 59 fd ef 98 87 89 5c 8c b1 c1 1f 2b b8 09 50 43 a0 81 0e 14 dc 23 b8 71 18 c6 39 24 67 e7 d0 aa 7d 44 53 a3 0d d1 be a4 07 87 c9 47 36 05 26 9c 8f 3a 45 64 b5 94 b2 ef a1 d2 ba 01 29 b1 82 ba 41 09 d4 a8 0c 85 cc b5 2a 31 a6 87 c7 29 b1 b3 e6 d0 cd fe 5c ea f9 79 c5 94 bf 03 73 98 46 17 c0 45 2e e8 e9 2a 13 b2 d8 0d 04 bf a3 5f e1 a4 85 54 4a 65 3d f0 3c ef 40 36 aa 02 cc 88 83 ae 30 93 15 e5 3c eb c5 ab 9c 0e e6 81 34 a4 cb 47 48 18
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: T0)vB<]Jlg/ZcUYh)99'6kGyb~Wt@l2 8)pY\+PC#q9$g}DSG6&:Ed)A*1)\ysFE.*_TJe=<@60<4GH
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:40 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                73192.168.2.74994934.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:40 UTC430OUTGET /v1/buckets/main/collections/search-default-override-allowlist/changeset?_expected=1721063513248&_since=%221595254618540%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:41 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 4635
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:26:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3225
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 00:00:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:41 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 74 68 69 72 64 50 61 72 74 79 49 64 22 2c 22 6f 76 65 72 72 69 64 65 73 49 64 22 2c 22 6f 76 65 72 72 69 64 65 73 41 70 70 49 64 76 32 22 2c 22 75 72 6c 73 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 73 65 61 72 63 68 5f 75 72 6c 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 73 65 61 72 63 68 5f 75 72 6c 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 73 65 61 72 63 68 5f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"schema":{"type":"object","required":["thirdPartyId","overridesId","overridesAppIdv2","urls"],"properties":{"urls":{"type":"array","items":{"type":"object","required":["search_url"],"properties":{"search_url":{"type":"string","title":"search_
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:41 UTC1390INData Raw: 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 73 65 61 72 63 68 20 65 6e 67 69 6e 65 20 74 6f 20 62 65 20 6f 76 65 72 72 69 64 64 65 6e 2c 20 6f 6e 6c 79 20 61 70 70 6c 69 65 73 20 74 6f 20 4f 70 65 6e 53 65 61 72 63 68 20 65 6e 67 69 6e 65 73 22 7d 2c 22 6f 76 65 72 72 69 64 65 73 49 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 41 64 64 2d 6f 6e 20 49 64 20 74 6f 20 4f 76 65 72 72 69 64 65 20 28 6f 72 69 67 69 6e 61 6c 20 73 65 61 72 63 68 20 63 6f 6e 66 69 67 29 22 2c 22 70 61 74 74 65 72 6e 22 3a 22 5e 5b 61 2d 7a 41 2d 5a 30 2d 39 2d 2e 5f 5d 2a 40 73 65 61 72 63 68 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 24 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: escription":"The name of the search engine to be overridden, only applies to OpenSearch engines"},"overridesId":{"type":"string","title":"Add-on Id to Override (original search config)","pattern":"^[a-zA-Z0-9-._]*@search.mozilla.org$","description":"The i
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:41 UTC1390INData Raw: 46 61 36 52 6d 75 74 33 44 38 36 50 44 67 30 48 77 44 6d 79 51 5f 61 49 46 62 4b 57 56 47 44 50 4f 5f 62 76 6a 7a 30 56 45 5a 73 38 61 34 79 6b 4a 72 6d 46 4d 6b 66 57 42 37 36 48 22 2c 22 73 69 67 6e 65 72 5f 69 64 22 3a 22 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 4d 48 59 77 45 41 59 48 4b 6f 5a 49 7a 6a 30 43 41 51 59 46 4b 34 45 45 41 43 49 44 59 67 41 45 50 6e 6e 4b 38 4b 36 69 47 47 50 43 32 64 6b 46 4b 44 71 66 79 55 78 64 6b 62 45 59 66 71 2b 61 34 59 50 33 45 77 4e 6d 79 35 42 7a 6f 54 30 2f 59 2b 55 45 4e 37 6a 79 4d 76 4c 35 38 4c 68 33 58 55 55 65 65 70 65 62 53 6f 4d 67 66 75 59 50 51 46 30 4c 55 41 69 77 71 4c 58 54 37 56 67 58 2b 67 61 57 65 57 46 49 30 37 44 66 6c 6b 66 7a 50 4a 51 79 4f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Fa6Rmut3D86PDg0HwDmyQ_aIFbKWVGDPO_bvjz0VEZs8a4ykJrmFMkfWB76H","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPnnK8K6iGGPC2dkFKDqfyUxdkbEYfq+a4YP3EwNmy5BzoT0/Y+UEN7jyMvL58Lh3XUUeepebSoMgfuYPQF0LUAiwqLXT7VgX+gaWeWFI07DflkfzPJQyO
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:41 UTC1022INData Raw: 6c 73 22 3a 5b 7b 22 73 65 61 72 63 68 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 63 6f 73 69 61 2e 6f 72 67 2f 73 65 61 72 63 68 3f 71 3d 7b 73 65 61 72 63 68 54 65 72 6d 73 7d 26 61 64 64 6f 6e 3d 6f 70 65 6e 73 65 61 72 63 68 22 7d 5d 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 31 30 36 32 32 30 31 32 33 32 2c 22 65 6e 67 69 6e 65 4e 61 6d 65 22 3a 22 45 63 6f 73 69 61 22 2c 22 6f 76 65 72 72 69 64 65 73 49 64 22 3a 22 65 63 6f 73 69 61 40 73 65 61 72 63 68 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 22 2c 22 74 68 69 72 64 50 61 72 74 79 49 64 22 3a 22 6f 70 65 6e 73 65 61 72 63 68 40 73 65 61 72 63 68 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 22 2c 22 6f 76 65 72 72 69 64 65 73 41 70 70 49 64 76 32 22 3a 22 65 63 6f 73 69 61 22 2c 22 69 64 22 3a 22 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ls":[{"search_url":"https://www.ecosia.org/search?q={searchTerms}&addon=opensearch"}],"schema":1721062201232,"engineName":"Ecosia","overridesId":"ecosia@search.mozilla.org","thirdPartyId":"opensearch@search.mozilla.org","overridesAppIdv2":"ecosia","id":"a


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                74192.168.2.74995234.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:41 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/b3c274f7-6fd8-4832-989b-74a48f86b6b5 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 662
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:41 UTC662OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff ad 54 5b cf d3 30 0c fd 2f 7d 65 1e 49 9b de f6 c6 03 42 3c 00 12 03 f1 82 54 b9 89 bb 45 74 69 49 d2 ef 22 c4 7f c7 e9 a6 71 f9 26 21 21 a4 6a 5a ed e3 e3 13 fb a4 df b2 d9 ba 43 67 dd 30 65 bb 6f 59 a0 af d9 4e b6 9b 2c 44 f4 b1 8b f6 44 d9 2e cb 45 5e 80 14 20 ca 0f a2 d9 29 f9 4c c8 9d 10 d9 26 23 67 fe 8e 79 98 c9 33 c6 c5 90 3a e8 70 07 f6 34 4f 3e 82 a7 91 30 10 f8 69 1c a7 25 a6 6c ef d1 e9 23 d3 91 c3 7e 24 f8 89 5e 99 a2 c7 84 22 97 4a 12 e5 6b c3 58 23 95 d6 3a 1f 40 14 45 0f aa d5 35 60 4e 02 4c 8d b9 aa a9 10 f9 20 b9 3c 3e ce 49 a8 b3 a7 7e 09 d7 a6 df bf f3 61 c9 cf 80 06 22 0b 3a 51 f4 8f 37 25 e9 c9 45 8e ff 2a e4 36 e5 e6 4f 81 3a 6f 94 52 c3 00 b5 31 2d 28 85 35 34 2d 2a a0 56 e7 28 55 61 74 85 ab 90 65 3e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: T[0/}eIB<TEtiI"q&!!jZCg0eoYN,DD.E^ )L&#gy3:p4O>0i%l#~$^"JkX#:@E5`NL <>I~a":Q7%E*6O:oR1-(54-*V(Uate>
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:42 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:41 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                75192.168.2.74995634.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:42 UTC421OUTGET /v1/buckets/main/collections/cookie-banner-rules-list/changeset?_expected=1725526980846&_since=%221690359097318%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 81209
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:41:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2365
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 00:00:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 64 6f 6d 61 69 6e 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 43 6f 6f 6b 69 65 20 42 61 6e 6e 65 72 20 52 75 6c 65 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 69 64 22 2c 22 64 6f 6d 61 69 6e 73 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 49 44 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 55 6e 69 71 75 65 20 69 64 65 6e 74 69 66 69 65 72 20 6f 66 20 74 68 65 20 72 75 6c 65 2e 22 7d 2c 22 63 6c 69 63 6b 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 43 6c 69 63 6b 22 2c 22 70 72 6f 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"domain","schema":{"type":"object","title":"Cookie Banner Rule","required":["id","domains"],"properties":{"id":{"type":"string","title":"ID","description":"Unique identifier of the rule."},"click":{"type":"object","title":"Click","prop
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 52 75 6e 20 43 6f 6e 74 65 78 74 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 57 68 65 72 65 20 74 68 65 20 63 6c 69 63 6b 20 72 75 6c 65 20 73 68 6f 75 6c 64 20 62 65 20 65 78 65 63 75 74 65 64 2e 20 44 65 66 61 75 6c 74 73 20 74 6f 20 6f 6e 6c 79 20 74 6f 70 20 77 69 6e 64 6f 77 2e 20 74 6f 70 3a 20 4f 6e 6c 79 20 69 6e 20 74 68 65 20 74 6f 70 20 77 69 6e 64 6f 77 3b 20 63 68 69 6c 64 3a 20 4f 6e 6c 79 20 69 6e 20 63 68 69 6c 64 20 66 72 61 6d 65 73 3b 20 61 6c 6c 3a 20 42 6f 74 68 20 74 6f 70 20 77 69 6e 64 6f 77 20 61 6e 64 20 63 68 69 6c 64 20 66 72 61 6d 65 73 2e 22 7d 2c 22 73 6b 69 70 50 72 65 73 65 6e 63 65 56 69 73 69 62 69 6c 69 74 79 43 68 65 63 6b 22 3a 7b 22 74 79 70 65 22 3a 22 62 6f 6f 6c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ring","title":"Run Context","description":"Where the click rule should be executed. Defaults to only top window. top: Only in the top window; child: Only in child frames; all: Both top window and child frames."},"skipPresenceVisibilityCheck":{"type":"bool
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 2f 65 6e 2f 6c 61 74 65 73 74 2f 74 61 72 67 65 74 2d 66 69 6c 74 65 72 73 2e 68 74 6d 6c 23 68 6f 77 22 7d 7d 2c 22 64 65 66 69 6e 69 74 69 6f 6e 73 22 3a 7b 22 63 6f 6f 6b 69 65 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 6e 61 6d 65 22 2c 22 76 61 6c 75 65 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 68 6f 73 74 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 48 6f 73 74 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 48 6f 73 74 20 74 6f 20 73 65 74 20 63 6f 6f 6b 69 65 20 66 6f 72 2e 20 44 65 66 61 75 6c 74 73 20 74 6f 20 2e 3c 64 6f 6d 61 69 6e 3e 20 69 66 20 75 6e 73 65 74 2e 22 7d 2c 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ttings.readthedocs.io/en/latest/target-filters.html#how"}},"definitions":{"cookie":{"type":"object","required":["name","value"],"properties":{"host":{"type":"string","title":"Host","description":"Host to set cookie for. Defaults to .<domain> if unset."},"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 20 70 72 65 66 20 76 61 6c 75 65 20 66 6f 72 20 63 6f 6f 6b 69 65 62 61 6e 6e 65 72 73 2e 63 6f 6f 6b 69 65 49 6e 6a 65 63 74 6f 72 2e 64 65 66 61 75 6c 74 45 78 70 69 72 79 52 65 6c 61 74 69 76 65 2e 22 7d 7d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4a 53 4f 4e 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 6f 66 20 61 20 63 6f 6f 6b 69 65 20 74 6f 20 69 6e 6a 65 63 74 2e 22 7d 7d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 52 75 6c 65 20 63 6f 6e 74 61 69 6e 69 6e 67 20 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 6f 6e 20 68 6f 77 20 74 6f 20 68 61 6e 64 6c 65 20 61 20 63 6f 6f 6b 69 65 20 62 61 6e 6e 65 72 20 6f 6e 20 61 20 73 70 65 63 69 66 69 63 20 73 69 74 65 2e 22 2c 22 61 64 64 69 74 69 6f 6e 61 6c 50 72 6f 70 65 72 74 69 65 73 22 3a 66 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: pref value for cookiebanners.cookieInjector.defaultExpiryRelative."}},"description":"JSON representation of a cookie to inject."}},"description":"Rule containing instructions on how to handle a cookie banner on a specific site.","additionalProperties":fa
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 39 38 30 38 34 33 7d 2c 7b 22 63 6c 69 63 6b 22 3a 7b 22 6f 70 74 4f 75 74 22 3a 22 62 75 74 74 6f 6e 2e 63 6e 2d 64 65 63 6c 69 6e 65 22 2c 22 70 72 65 73 65 6e 63 65 22 3a 22 64 69 76 2e 63 6f 6f 6b 69 65 2d 6e 6f 74 69 63 65 22 7d 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 34 39 37 36 30 31 30 38 30 34 2c 22 64 6f 6d 61 69 6e 73 22 3a 5b 22 67 6c 73 2e 64 65 22 5d 2c 22 69 64 22 3a 22 37 32 37 64 36 35 37 37 2d 61 65 30 34 2d 34 64 63 30 2d 38 61 65 33 2d 63 30 61 66 33 66 33 37 38 37 64 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 35 35 32 36 39 38 30 38 33 39 7d 2c 7b 22 63 6c 69 63 6b 22 3a 7b 22 6f 70 74 49 6e 22 3a 22 62 75 74 74 6f 6e 2e 66 69 64 65 73 2d 61 63 63 65 70 74 2d 61 6c 6c 2d 62 75 74 74 6f 6e 22 2c 22 6f 70 74 4f 75
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 980843},{"click":{"optOut":"button.cn-decline","presence":"div.cookie-notice"},"schema":1724976010804,"domains":["gls.de"],"id":"727d6577-ae04-4dc0-8ae3-c0af3f3787d5","last_modified":1725526980839},{"click":{"optIn":"button.fides-accept-all-button","optOu
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 62 6e 52 66 64 6d 56 79 63 32 6c 76 62 6a 6f 79 4c 48 52 6c 65 48 52 66 64 6d 56 79 63 32 6c 76 62 6a 6f 78 4d 44 41 77 22 7d 5d 2c 22 6f 70 74 4f 75 74 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 64 5f 70 72 65 66 73 22 2c 22 76 61 6c 75 65 22 3a 22 4d 6a 6f 78 4c 47 4e 76 62 6e 4e 6c 62 6e 52 66 64 6d 56 79 63 32 6c 76 62 6a 6f 79 4c 48 52 6c 65 48 52 66 64 6d 56 79 63 32 6c 76 62 6a 6f 78 4d 44 41 77 22 7d 2c 7b 22 6e 61 6d 65 22 3a 22 74 77 74 72 5f 70 69 78 65 6c 5f 6f 70 74 5f 69 6e 22 2c 22 76 61 6c 75 65 22 3a 22 4e 22 7d 5d 7d 2c 22 64 6f 6d 61 69 6e 73 22 3a 5b 22 74 77 69 74 74 65 72 2e 63 6f 6d 22 2c 22 78 2e 63 6f 6d 22 5d 2c 22 69 64 22 3a 22 30 35 62 33 62 34 31 37 2d 63 34 63 37 2d 34 65 64 30 2d 61 33 63 66 2d 34 33 30 35 33 65 38 62 33 33 61 62
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: bnRfdmVyc2lvbjoyLHRleHRfdmVyc2lvbjoxMDAw"}],"optOut":[{"name":"d_prefs","value":"MjoxLGNvbnNlbnRfdmVyc2lvbjoyLHRleHRfdmVyc2lvbjoxMDAw"},{"name":"twtr_pixel_opt_in","value":"N"}]},"domains":["twitter.com","x.com"],"id":"05b3b417-c4c7-4ed0-a3cf-43053e8b33ab
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 6e 61 6d 65 22 3a 22 63 6f 6f 6b 69 65 5f 6d 61 6e 61 67 65 72 5f 63 6f 6f 6b 69 65 5f 73 74 61 74 69 73 74 69 63 5f 65 6e 61 62 6c 65 64 22 2c 22 76 61 6c 75 65 22 3a 22 66 61 6c 73 65 22 7d 2c 7b 22 6e 61 6d 65 22 3a 22 63 6f 6f 6b 69 65 5f 6d 61 6e 61 67 65 72 5f 70 6f 6c 69 63 79 5f 61 63 63 65 70 74 65 64 22 2c 22 76 61 6c 75 65 22 3a 22 74 72 75 65 22 7d 5d 7d 2c 22 64 6f 6d 61 69 6e 73 22 3a 5b 22 63 72 65 64 69 74 2d 61 67 72 69 63 6f 6c 65 2e 69 74 22 5d 2c 22 69 64 22 3a 22 31 39 34 34 61 32 35 65 2d 36 66 31 36 2d 34 33 34 64 2d 38 63 35 39 2d 30 34 39 33 62 61 35 38 37 66 65 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 31 34 38 31 31 36 34 30 30 30 30 7d 2c 7b 22 63 6c 69 63 6b 22 3a 7b 22 6f 70 74 49 6e 22 3a 22 23 70 6f 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: name":"cookie_manager_cookie_statistic_enabled","value":"false"},{"name":"cookie_manager_policy_accepted","value":"true"}]},"domains":["credit-agricole.it"],"id":"1944a25e-6f16-434d-8c59-0493ba587fe7","last_modified":1714811640000},{"click":{"optIn":"#pop
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 73 63 68 65 6d 61 22 3a 31 37 31 34 36 30 38 30 30 36 39 39 38 2c 22 63 6f 6f 6b 69 65 73 22 3a 7b 22 6f 70 74 49 6e 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 5f 63 6f 6f 6b 69 65 73 5f 76 32 22 2c 22 76 61 6c 75 65 22 3a 22 31 22 7d 5d 7d 2c 22 64 6f 6d 61 69 6e 73 22 3a 5b 22 62 6c 61 62 6c 61 63 61 72 2e 63 6f 6d 2e 62 72 22 2c 22 62 6c 61 62 6c 61 63 61 72 2e 63 6f 6d 2e 74 72 22 2c 22 62 6c 61 62 6c 61 63 61 72 2e 63 6f 6d 2e 75 61 22 2c 22 62 6c 61 62 6c 61 63 61 72 2e 69 6e 22 2c 22 62 6c 61 62 6c 61 63 61 72 2e 6d 78 22 2c 22 62 6c 61 62 6c 61 63 61 72 2e 72 73 22 2c 22 62 6c 61 62 6c 61 63 61 72 2e 72 75 22 5d 2c 22 69 64 22 3a 22 32 66 34 65 31 32 33 35 2d 61 33 36 30 2d 34 36 63 61 2d 62 66 32 36 2d 38 62 30 39 36 34 35 65 65 33 64 35 22 2c 22 6c 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: schema":1714608006998,"cookies":{"optIn":[{"name":"_cookies_v2","value":"1"}]},"domains":["blablacar.com.br","blablacar.com.tr","blablacar.com.ua","blablacar.in","blablacar.mx","blablacar.rs","blablacar.ru"],"id":"2f4e1235-a360-46ca-bf26-8b09645ee3d5","la
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 38 7d 2c 7b 22 63 6c 69 63 6b 22 3a 7b 22 6f 70 74 49 6e 22 3a 22 23 61 63 63 65 70 74 41 6c 6c 51 75 69 63 6b 22 2c 22 6f 70 74 4f 75 74 22 3a 22 23 72 65 6a 65 63 74 41 6c 6c 51 75 69 63 6b 22 2c 22 70 72 65 73 65 6e 63 65 22 3a 22 23 67 64 70 72 2d 63 6f 6d 70 6f 6e 65 6e 74 22 2c 22 72 75 6e 43 6f 6e 74 65 78 74 22 3a 22 63 68 69 6c 64 22 7d 2c 22 73 63 68 65 6d 61 22 3a 31 37 31 34 36 30 38 30 30 36 39 39 38 2c 22 63 6f 6f 6b 69 65 73 22 3a 7b 22 6f 70 74 4f 75 74 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 63 6f 63 6f 73 22 2c 22 76 61 6c 75 65 22 3a 22 25 37 42 25 32 32 66 75 6e 6b 63 6e 69 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 73 74 61 74 69 73 74 69 63 6b 65 25 32 32 25 33 41 66 61 6c 73 65 25 32 43 25 32 32 72 65 6b 6c 61 6d 6e 69 25 32 32
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 8},{"click":{"optIn":"#acceptAllQuick","optOut":"#rejectAllQuick","presence":"#gdpr-component","runContext":"child"},"schema":1714608006998,"cookies":{"optOut":[{"name":"cocos","value":"%7B%22funkcni%22%3Afalse%2C%22statisticke%22%3Afalse%2C%22reklamni%22
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC1390INData Raw: 7d 2c 22 64 6f 6d 61 69 6e 73 22 3a 5b 22 6f 72 61 6e 67 65 2e 73 6e 22 5d 2c 22 69 64 22 3a 22 32 34 33 35 30 34 34 34 2d 36 62 30 31 2d 34 36 61 35 2d 62 38 61 34 2d 39 39 66 34 64 34 31 37 66 30 38 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 31 34 38 31 31 36 33 39 39 37 32 7d 2c 7b 22 63 6c 69 63 6b 22 3a 7b 22 6f 70 74 49 6e 22 3a 22 2e 6a 73 2d 63 6f 6e 73 65 6e 74 2d 61 6c 6c 2d 73 75 62 6d 69 74 22 2c 22 6f 70 74 4f 75 74 22 3a 22 2e 6a 73 2d 63 6f 6e 73 65 6e 74 2d 62 79 70 61 73 73 2d 62 75 74 74 6f 6e 22 2c 22 70 72 65 73 65 6e 63 65 22 3a 22 2e 66 61 6e 63 79 62 6f 78 2d 74 79 70 65 2d 68 74 6d 6c 22 7d 2c 22 73 63 68 65 6d 61 22 3a 31 37 31 34 37 38 30 38 30 38 36 37 39 2c 22 63 6f 6f 6b 69 65 73 22 3a 7b 22 6f 70 74 4f 75
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: },"domains":["orange.sn"],"id":"24350444-6b01-46a5-b8a4-99f4d417f08f","last_modified":1714811639972},{"click":{"optIn":".js-consent-all-submit","optOut":".js-consent-bypass-button","presence":".fancybox-type-html"},"schema":1714780808679,"cookies":{"optOu


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                76192.168.2.74995734.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC618OUTPOST /submit/firefox-desktop/newtab/1/035a902e-3263-48fa-90dd-6789a6dcb1ed HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:26:59 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 465
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:43 UTC465OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 7d 52 e1 6e a3 30 0c 7e 97 fc 1d a0 84 42 4b 79 8d eb e9 7e 9c 4e 51 00 d3 46 0b 09 8b c3 75 d5 c4 bb cf 81 76 ed 26 6d 52 04 b1 fd d9 9f fd 39 6f 6c d4 f6 28 b5 ed 1d ab df 18 c2 0b ab 8b 84 61 50 3e c8 a0 07 60 35 cb 79 be 49 05 4f 79 79 e0 55 5d 88 27 2e 6a ce 59 c2 c0 76 0f 98 22 15 79 ca 77 07 21 ea bc 24 f0 8a f1 a0 d0 59 42 b4 6e 18 9d 05 1b 88 4c 07 36 27 ac 35 7a 35 57 ee 00 06 06 08 fe 22 b1 7b 96 cd a4 4d 47 69 e5 26 cb b3 58 48 8d a3 6c 4f ca 5a 30 e4 f6 04 56 08 e4 77 28 ff 83 47 bd 90 08 fe 81 ed 34 8e 46 5d 1e 83 a2 ca 78 26 ae f1 1b 41 9c 8e ef f3 5d be c9 cb bc 8a 41 df 9e 74 80 36 4c 3e 4e f6 5a 6d e5 b6 20 bf 71 ad 32 d1 03 36 fd fd 6b 61 26 e3 8f b6 9d 3b 23 99 e7 f5 b6 16 96 76 1a 1a f0 ac 16 7b 5e 94 09
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: }Rn0~BKy~NQFuv&mR9ol(aP>`5yIOyyU]'.jYv"yw!$YBnL6'5z5W"{MGi&XHlOZ0Vw(G4F]x&A]At6L>NZm q26ka&;#v{^
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:44 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:43 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                77192.168.2.74996334.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC437OUTGET /v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1731362767688&_since=%221659924446436%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 10994
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:06:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 828
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 00:00:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 75 62 73 62 6b 75 78 33 37 34 71 67 75 6c 6e 64 6a 73 38 34 69 72 6c 64 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 4c 51 38 76
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"signature":{"ref":"ubsbkux374qgulndjs84irld","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"LQ8v
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC1390INData Raw: 74 22 2c 22 70 6c 61 63 65 69 74 2e 6e 65 74 22 2c 22 74 68 65 6d 65 66 6f 72 65 73 74 2e 6e 65 74 22 2c 22 74 75 74 73 70 6c 75 73 2e 63 6f 6d 22 2c 22 76 69 64 65 6f 68 69 76 65 2e 6e 65 74 22 5d 2c 5b 22 61 61 2e 63 6f 6d 22 2c 22 61 6d 65 72 69 63 61 6e 61 69 72 6c 69 6e 65 73 2e 63 6f 6d 22 2c 22 61 6d 65 72 69 63 61 6e 61 69 72 6c 69 6e 65 73 2e 6a 70 22 5d 2c 5b 22 61 65 74 6e 61 2e 63 6f 6d 22 2c 22 62 61 6e 6e 65 72 61 65 74 6e 61 2e 6d 79 70 6c 61 6e 70 6f 72 74 61 6c 2e 63 6f 6d 22 5d 2c 5b 22 61 69 72 62 6e 62 2e 63 6f 6d 2e 61 72 22 2c 22 61 69 72 62 6e 62 2e 63 6f 6d 2e 61 75 22 2c 22 61 69 72 62 6e 62 2e 61 74 22 2c 22 61 69 72 62 6e 62 2e 62 65 22 2c 22 61 69 72 62 6e 62 2e 63 6f 6d 2e 62 7a 22 2c 22 61 69 72 62 6e 62 2e 63 6f 6d 2e 62 6f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: t","placeit.net","themeforest.net","tutsplus.com","videohive.net"],["aa.com","americanairlines.com","americanairlines.jp"],["aetna.com","banneraetna.myplanportal.com"],["airbnb.com.ar","airbnb.com.au","airbnb.at","airbnb.be","airbnb.com.bz","airbnb.com.bo
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC1390INData Raw: 61 6d 61 7a 6f 6e 2e 65 73 22 2c 22 61 6d 61 7a 6f 6e 2e 63 6f 6d 2e 74 72 22 2c 22 61 6d 61 7a 6f 6e 2e 63 6f 2e 75 6b 22 2c 22 61 6d 61 7a 6f 6e 2e 73 61 22 2c 22 61 6d 61 7a 6f 6e 2e 73 67 22 2c 22 61 6d 61 7a 6f 6e 2e 73 65 22 2c 22 61 6d 61 7a 6f 6e 2e 70 6c 22 5d 2c 5b 22 61 6d 63 72 65 73 74 63 6c 6f 75 64 2e 63 6f 6d 22 2c 22 61 6d 63 72 65 73 74 76 69 65 77 2e 63 6f 6d 22 5d 2c 5b 22 61 6d 65 72 69 63 61 73 74 65 73 74 6b 69 74 63 68 65 6e 2e 63 6f 6d 22 2c 22 63 6f 6f 6b 73 69 6c 6c 75 73 74 72 61 74 65 64 2e 63 6f 6d 22 2c 22 63 6f 6f 6b 73 63 6f 75 6e 74 72 79 2e 63 6f 6d 22 2c 22 6f 6e 6c 69 6e 65 63 6f 6f 6b 69 6e 67 73 63 68 6f 6f 6c 2e 63 6f 6d 22 5d 2c 5b 22 61 6d 65 72 69 74 72 61 64 65 2e 63 6f 6d 22 2c 22 74 64 61 6d 65 72 69 74 72 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: amazon.es","amazon.com.tr","amazon.co.uk","amazon.sa","amazon.sg","amazon.se","amazon.pl"],["amcrestcloud.com","amcrestview.com"],["americastestkitchen.com","cooksillustrated.com","cookscountry.com","onlinecookingschool.com"],["ameritrade.com","tdameritra
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC1390INData Raw: 5d 2c 5b 22 64 61 6e 2e 6f 72 67 22 2c 22 64 69 76 65 72 73 61 6c 65 72 74 6e 65 74 77 6f 72 6b 2e 6f 72 67 22 5d 2c 5b 22 64 69 6e 65 72 73 63 6c 75 62 6e 6f 72 74 68 61 6d 65 72 69 63 61 2e 63 6f 6d 22 2c 22 64 69 6e 65 72 73 63 6c 75 62 75 73 2e 63 6f 6d 22 5d 2c 5b 22 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 22 2c 22 64 69 73 63 6f 72 64 2e 63 6f 6d 22 5d 2c 5b 22 64 69 73 63 6f 72 64 6d 65 72 63 68 2e 63 6f 6d 22 2c 22 64 69 73 63 6f 72 64 2e 73 74 6f 72 65 22 5d 2c 5b 22 64 69 73 63 6f 76 65 72 63 61 72 64 2e 63 6f 6d 22 2c 22 64 69 73 63 6f 76 65 72 2e 63 6f 6d 22 5d 2c 5b 22 64 69 73 68 2e 63 6f 6d 22 2c 22 6d 79 64 69 73 68 2e 63 6f 6d 22 2c 22 64 69 73 68 6e 65 74 77 6f 72 6b 2e 63 6f 6d 22 5d 2c 5b 22 64 69 73 6e 65 79 2e 63 6f 6d 22 2c 22 64
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ],["dan.org","diversalertnetwork.org"],["dinersclubnorthamerica.com","dinersclubus.com"],["discordapp.com","discord.com"],["discordmerch.com","discord.store"],["discovercard.com","discover.com"],["dish.com","mydish.com","dishnetwork.com"],["disney.com","d
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC1390INData Raw: 6f 22 2c 22 73 65 6c 66 61 77 62 2e 72 6f 22 5d 2c 5b 22 66 61 6e 64 61 6e 67 6f 6e 6f 77 2e 63 6f 6d 22 2c 22 66 61 6e 64 61 6e 67 6f 2e 63 6f 6d 22 5d 2c 5b 22 66 69 64 65 6c 69 74 79 2e 63 6f 6d 22 2c 22 66 69 64 65 6c 69 74 79 69 6e 76 65 73 74 6d 65 6e 74 73 2e 63 6f 6d 22 5d 2c 5b 22 66 6c 79 62 6c 61 64 65 2e 63 6f 6d 22 2c 22 62 6c 61 64 65 2e 63 6f 6d 22 5d 2c 5b 22 66 6c 79 69 6e 67 62 6c 75 65 2e 63 6f 6d 22 2c 22 6b 6c 6d 2e 63 6f 6d 22 5d 2c 5b 22 66 6e 61 63 2e 63 6f 6d 22 2c 22 66 6e 61 63 73 70 65 63 74 61 63 6c 65 73 2e 63 6f 6d 22 5d 2c 5b 22 66 6f 75 72 6c 65 61 66 2e 6e 65 74 22 2c 22 66 6f 75 72 6c 65 61 66 2e 63 6c 22 5d 2c 5b 22 66 6f 75 72 73 71 75 61 72 65 2e 63 6f 6d 22 2c 22 73 77 61 72 6d 61 70 70 2e 63 6f 6d 22 5d 2c 5b 22 67
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: o","selfawb.ro"],["fandangonow.com","fandango.com"],["fidelity.com","fidelityinvestments.com"],["flyblade.com","blade.com"],["flyingblue.com","klm.com"],["fnac.com","fnacspectacles.com"],["fourleaf.net","fourleaf.cl"],["foursquare.com","swarmapp.com"],["g
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC1390INData Raw: 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 6d 78 22 2c 22 6d 65 72 63 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 6e 69 22 2c 22 6d 65 72 63 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 70 61 22 2c 22 6d 65 72 63 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 70 65 22 2c 22 6d 65 72 63 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 70 79 22 2c 22 6d 65 72 63 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 73 76 22 2c 22 6d 65 72 63 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 75 79 22 2c 22 6d 65 72 63 61 64 6f 6c 69 62 72 65 2e 63 6f 6d 2e 76 65 22 2c 22 6d 65 72 63 61 64 6f 70 61 67 6f 2e 63 6c 22 2c 22 6d 65 72 63 61 64 6f 70 61 67 6f 2e 63 6f 6d 2e 61 72 22 2c 22 6d 65 72 63 61 64 6f 70 61 67 6f 2e 63 6f 6d 2e 63 6f 22 2c 22 6d 65 72 63 61 64 6f 70 61 67 6f 2e 63 6f 6d 2e 65 63 22 2c 22 6d 65 72
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: adolibre.com.mx","mercadolibre.com.ni","mercadolibre.com.pa","mercadolibre.com.pe","mercadolibre.com.py","mercadolibre.com.sv","mercadolibre.com.uy","mercadolibre.com.ve","mercadopago.cl","mercadopago.com.ar","mercadopago.com.co","mercadopago.com.ec","mer
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC1390INData Raw: 6e 74 65 72 65 73 74 2e 69 74 22 2c 22 70 69 6e 74 65 72 65 73 74 2e 61 74 22 2c 22 70 69 6e 74 65 72 65 73 74 2e 6a 70 22 2c 22 70 69 6e 74 65 72 65 73 74 2e 63 6c 22 2c 22 70 69 6e 74 65 72 65 73 74 2e 69 65 22 2c 22 70 69 6e 74 65 72 65 73 74 2e 63 6f 2e 6b 72 22 2c 22 70 69 6e 74 65 72 65 73 74 2e 6e 7a 22 5d 2c 5b 22 70 6f 63 6b 65 74 2e 63 6f 6d 22 2c 22 67 65 74 70 6f 63 6b 65 74 2e 63 6f 6d 22 5d 2c 5b 22 70 6f 73 74 6e 6c 2e 6e 6c 22 2c 22 70 6f 73 74 6e 6c 2e 62 65 22 5d 2c 5b 22 70 72 65 74 65 6e 64 6f 2e 6e 65 74 77 6f 72 6b 22 2c 22 70 72 65 74 65 6e 64 6f 2e 63 63 22 5d 2c 5b 22 70 72 6f 62 69 6b 65 73 68 6f 70 2e 66 72 22 2c 22 62 69 6b 65 73 68 6f 70 2e 65 73 22 2c 22 70 72 6f 62 69 6b 65 73 68 6f 70 2e 69 74 22 2c 22 70 72 6f 62 69 6b 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: nterest.it","pinterest.at","pinterest.jp","pinterest.cl","pinterest.ie","pinterest.co.kr","pinterest.nz"],["pocket.com","getpocket.com"],["postnl.nl","postnl.be"],["pretendo.network","pretendo.cc"],["probikeshop.fr","bikeshop.es","probikeshop.it","probike
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC1390INData Raw: 22 66 72 65 65 74 61 78 75 73 61 2e 63 6f 6d 22 2c 22 65 78 70 72 65 73 73 31 30 34 30 2e 63 6f 6d 22 5d 2c 5b 22 74 65 6c 65 67 72 61 6d 2e 6d 65 22 2c 22 74 65 6c 65 67 72 61 6d 2e 6f 72 67 22 5d 2c 5b 22 74 65 6c 65 6b 6f 6d 2d 64 69 65 6e 73 74 65 2e 64 65 22 2c 22 61 63 63 6f 75 6e 74 73 2e 6c 6f 67 69 6e 2e 69 64 6d 2e 74 65 6c 65 6b 6f 6d 2e 63 6f 6d 22 5d 2c 5b 22 74 65 73 6c 61 2e 63 6f 6d 22 2c 22 74 65 73 6c 61 6d 6f 74 6f 72 73 2e 63 6f 6d 22 5d 2c 5b 22 74 69 63 6b 65 74 6d 61 73 74 65 72 2e 63 6f 6d 22 2c 22 6c 69 76 65 6e 61 74 69 6f 6e 2e 63 6f 6d 22 5d 2c 5b 22 74 69 6e 67 2e 63 6f 6d 22 2c 22 74 69 6e 67 6d 6f 62 69 6c 65 2e 63 6f 6d 22 5d 2c 5b 22 74 70 2d 6c 69 6e 6b 2e 63 6f 6d 22 2c 22 74 70 6c 69 6e 6b 63 6c 6f 75 64 2e 63 6f 6d 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: "freetaxusa.com","express1040.com"],["telegram.me","telegram.org"],["telekom-dienste.de","accounts.login.idm.telekom.com"],["tesla.com","teslamotors.com"],["ticketmaster.com","livenation.com"],["ting.com","tingmobile.com"],["tp-link.com","tplinkcloud.com"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC431INData Raw: 77 77 77 2e 73 65 65 6b 2e 63 6f 2e 6e 7a 22 2c 22 6a 6f 62 73 64 62 2e 63 6f 6d 22 2c 22 68 6b 2e 6a 6f 62 73 64 62 2e 63 6f 6d 22 2c 22 73 67 2e 6a 6f 62 73 64 62 2e 63 6f 6d 22 2c 22 74 68 2e 6a 6f 62 73 64 62 2e 63 6f 6d 22 2c 22 6a 6f 62 73 74 72 65 65 74 2e 63 6f 6d 22 2c 22 6d 79 6a 6f 62 73 74 72 65 65 74 2e 6a 6f 62 73 74 72 65 65 74 2e 63 6f 2e 69 64 22 2c 22 6d 79 6a 6f 62 73 74 72 65 65 74 2e 6a 6f 62 73 74 72 65 65 74 2e 63 6f 6d 2e 6d 79 22 2c 22 6d 79 6a 6f 62 73 74 72 65 65 74 2e 6a 6f 62 73 74 72 65 65 74 2e 63 6f 6d 2e 70 68 22 2c 22 6d 79 6a 6f 62 73 74 72 65 65 74 2e 6a 6f 62 73 74 72 65 65 74 2e 63 6f 6d 2e 73 67 22 2c 22 6c 6f 67 69 6e 2e 73 65 65 6b 2e 63 6f 6d 22 5d 2c 5b 22 77 77 77 2e 76 69 73 74 61 70 72 69 6e 74 2e 63 61 22 2c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: www.seek.co.nz","jobsdb.com","hk.jobsdb.com","sg.jobsdb.com","th.jobsdb.com","jobstreet.com","myjobstreet.jobstreet.co.id","myjobstreet.jobstreet.com.my","myjobstreet.jobstreet.com.ph","myjobstreet.jobstreet.com.sg","login.seek.com"],["www.vistaprint.ca",


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                78192.168.2.74996434.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC620OUTPOST /submit/firefox-desktop/baseline/1/fd8333a1-5c20-43fd-be9a-c02c3dee98b8 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:27:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 759
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:45 UTC759OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 9d 54 db 6e e3 36 10 fd 17 bd 6e 46 20 29 ea fa 07 7d 6e 8a 3e 0a bc 8c 1c 62 25 4a 25 29 27 ee 22 ff de a1 9c 38 ee 22 c8 02 0b 10 86 3c 97 33 67 0e 87 f3 a3 d8 9c 3f 8d ce 4f 6b 31 fc 28 22 fe 53 0c e2 a1 88 49 85 34 26 b7 60 31 14 82 89 0a 38 03 56 3f b2 6e 90 fc 1b e3 03 63 c5 43 81 de de c5 48 e0 02 58 fb c8 f9 20 6a 0a be c6 04 54 71 f5 14 a1 4c 72 67 cc 59 2f 1b 06 ca f2 29 e6 92 8b 7b 41 0b 66 f5 89 2c 30 e3 19 67 10 10 d6 79 86 75 4f 10 70 26 04 04 ce ab 1c ad 83 f2 e6 89 e0 72 02 05 1d 78 29 a8 ec 43 9f b3 32 f0 1f 96 22 ac b2 aa a9 8d 04 35 55 0d 48 65 26 d0 53 cd a1 99 54 65 50 b5 86 3e 28 3d 5d b6 dc 80 77 8b de e3 51 97 ca 16 af af 0f c5 be 9d 82 b2 08 71 5b d3 ec 4e 4f e9 e6 bd 27 92 a8 c3 94 8b de 53 f9 1c f4
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Tn6nF )}n>b%J%)'"8"<3g?Ok1("SI4&`18V?ncCHX jTqLrgY/){Af,0gyuOp&rx)C2"5UHe&STeP>(=]wQq[NO'S
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:46 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:46 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                79192.168.2.74997134.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:47 UTC416OUTGET /v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1731429440245&_since=%221694014137037%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 23543
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:26:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3285
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 00:00:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 74 65 6c 65 6d 65 74 72 79 49 64 22 2c 22 73 65 61 72 63 68 50 61 67 65 52 65 67 65 78 70 22 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 22 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 73 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 73 53 50 41 22 3a 7b 22 74 79 70 65 22 3a 22 62 6f 6f 6c 65 61 6e 22 2c 22 74 69 74 6c 65 22 3a 22 49 73 20 53 69 6e 67 6c 65 20 50 61 67 65 20 41 70 70 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 57 68 65 74 68 65 72 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 65 78 68 69 62 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["telemetryId","searchPageRegexp","queryParamName","queryParamNames"],"properties":{"isSPA":{"type":"boolean","title":"Is Single Page App","description":"Whether the provider exhibi
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 65 64 2e 20 44 65 66 61 75 6c 74 73 20 74 6f 20 66 61 6c 73 65 2e 22 7d 2c 22 74 6f 70 44 6f 77 6e 22 3a 7b 22 74 79 70 65 22 3a 22 62 6f 6f 6c 65 61 6e 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 57 68 65 74 68 65 72 20 74 68 65 20 63 6f 6d 70 6f 6e 65 6e 74 20 73 68 6f 75 6c 64 20 62 65 20 66 6f 75 6e 64 20 66 69 72 73 74 20 62 79 20 75 73 69 6e 67 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 20 6f 6e 20 74 68 65 20 70 61 72 65 6e 74 20 73 65 6c 65 63 74 6f 72 20 64 65 66 69 6e 69 74 69 6f 6e 2e 20 44 65 66 61 75 6c 74 73 20 74 6f 20 66 61 6c 73 65 2e 22 7d 2c 22 65 78 63 6c 75 64 65 64 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 70 61 72 65 6e 74 22 3a 7b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ed. Defaults to false."},"topDown":{"type":"boolean","description":"Whether the component should be found first by using document.querySelectorAll on the parent selector definition. Defaults to false."},"excluded":{"type":"object","properties":{"parent":{
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 63 68 53 45 52 50 54 65 6c 65 6d 65 74 72 79 43 68 69 6c 64 2e 22 7d 7d 7d 2c 22 63 68 69 6c 64 72 65 6e 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 73 65 6c 65 63 74 6f 72 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 74 79 70 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 70 61 74 74 65 72 6e 22 3a 22 5e 5b 61 2d 7a 5d 28 3f 3a 5f 3f 5b 61 2d 7a 5d 29 2a 24 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 63 6f 6d 70 6f 6e 65 6e 74 20 74 79 70 65 20 74 6f 20 75 73 65 20 69 66 20 74 68 69 73 20 63 68 69 6c 64 20 69 73 20 70 72 65 73 65 6e 74 2e 22 7d 2c 22 73 65 6c 65 63 74 6f 72 22 3a 7b 22 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: chSERPTelemetryChild."}}},"children":{"type":"array","items":{"type":"object","required":["selector"],"properties":{"type":{"type":"string","pattern":"^[a-z](?:_?[a-z])*$","description":"The component type to use if this child is present."},"selector":{"t
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 65 66 73 20 74 68 65 20 73 65 6c 65 63 74 6f 72 20 6d 61 74 63 68 65 73 20 61 67 61 69 6e 73 74 2e 22 7d 7d 7d 2c 22 74 61 67 67 65 64 43 6f 64 65 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 70 61 74 74 65 72 6e 22 3a 22 5e 5b 61 2d 7a 41 2d 5a 30 2d 39 2d 2e 5f 5d 2a 24 22 7d 2c 22 74 69 74 6c 65 22 3a 22 50 61 72 74 6e 65 72 20 43 6f 64 65 73 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 41 6e 20 61 72 72 61 79 20 6f 66 20 70 61 72 74 6e 65 72 20 63 6f 64 65 73 20 74 6f 20 6d 61 74 63 68 20 61 67 61 69 6e 73 74 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 69 6e 20 74 68 65 20 75 72 6c 2e 20 4d 61 74 63 68 69 6e 67 20 74 68 65 73 65 20 63 6f 64 65 73 20 77
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: efs the selector matches against."}}},"taggedCodes":{"type":"array","items":{"type":"string","pattern":"^[a-zA-Z0-9-._]*$"},"title":"Partner Codes","description":"An array of partner codes to match against the parameters in the url. Matching these codes w
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 20 46 69 72 65 66 6f 78 20 31 32 38 20 61 6e 64 20 62 65 79 6f 6e 64 2e 20 54 68 65 72 65 66 6f 72 65 20 64 6f 20 6e 6f 74 20 75 73 65 20 74 68 69 73 20 70 72 6f 70 65 72 74 79 2e 20 50 6c 65 61 73 65 20 75 73 65 20 60 73 69 67 6e 65 64 49 6e 43 6f 6f 6b 69 65 73 60 20 69 6e 73 74 65 61 64 2e 22 7d 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 53 65 61 72 63 68 20 51 75 65 72 79 20 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 66 6f 72 20 74 68 65 20 75 73 65 72 27 73 20 73 65 61 72 63 68 20 73 74 72 69 6e 67 2e 20 54 68 69 73 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: Firefox 128 and beyond. Therefore do not use this property. Please use `signedInCookies` instead."},"queryParamName":{"type":"string","title":"Search Query Parameter Name","description":"The name of the query parameter for the user's search string. This
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 6f 66 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 73 20 74 68 61 74 20 6d 61 79 20 62 65 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 75 73 65 72 27 73 20 73 65 61 72 63 68 20 73 74 72 69 6e 67 2e 22 7d 2c 22 73 69 67 6e 65 64 49 6e 43 6f 6f 6b 69 65 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 68 6f 73 74 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 68 6f 73 74 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 61 20 67 69 76 65 6e 20 63 6f 6f 6b 69 65 2e 22 7d 2c 22 6e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 64 65 73 63 72 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: of query parameters that may be used for the user's search string."},"signedInCookies":{"type":"array","items":{"type":"object","properties":{"host":{"type":"string","description":"The host associated with a given cookie."},"name":{"type":"string","descri
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6d 61 74 63 68 69 6e 67 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 2e 22 7d 2c 22 74 69 74 6c 65 22 3a 22 4e 6f 6e 2d 61 64 73 20 6c 69 6e 6b 20 6d 61 74 63 68 69 6e 67 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 73 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 41 6e 20 61 72 72 61 79 20 63 6f 6e 74 61 69 6e 69 6e 67 20 6b 6e 6f 77 6e 20 70 61 74 74 65 72 6e 73 20 74 68 61 74 20 6d 61 74 63 68 20 6e 6f 6e 2d 61 64 20 6c 69 6e 6b 73 20 66 72 6f 6d 20 61 20 73 65 61 72 63 68 20 70 72 6f 76 69 64 65 72 2e 22 7d 2c 22 73 65 61 72 63 68 50 61 67 65 4d 61 74 63 68 65 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: cription":"The matching regular expression."},"title":"Non-ads link matching regular expressions","description":"An array containing known patterns that match non-ad links from a search provider."},"searchPageMatches":{"type":"array","items":{"type":"stri
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 61 72 63 68 20 70 61 67 65 20 69 73 20 62 65 69 6e 67 20 73 68 6f 77 6e 2e 22 7d 2c 22 76 61 6c 75 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 76 61 6c 75 65 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 74 68 61 74 20 73 68 6f 75 6c 64 20 62 65 20 6d 61 74 63 68 65 64 20 61 67 61 69 6e 73 74 2e 22 7d 7d 7d 2c 22 65 78 74 72 61 41 64 53 65 72 76 65 72 73 52 65 67 65 78 70 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 2c 22 74 69 74 6c 65 22 3a 22 45 78 74 72 61 20 41 64 20 53 65 72 76 65 72 20 52 65 67 75 6c 61 72 20 45 78 70 72 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: arch page is being shown."},"value":{"type":"string","description":"The value corresponding to the query parameter that should be matched against."}}},"extraAdServersRegexps":{"type":"array","items":{"type":"string"},"title":"Extra Ad Server Regular Expre
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 65 66 22 5d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 65 78 74 72 61 63 74 69 6f 6e 20 6d 65 74 68 6f 64 20 74 6f 20 75 73 65 20 66 6f 72 20 74 68 65 20 71 75 65 72 79 2e 22 7d 2c 22 6f 70 74 69 6f 6e 73 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 71 75 65 72 79 50 61 72 61 6d 4b 65 79 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 71 75 65 72 79 50 61 72 61 6d 4b 65 79 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 6b 65 79 20 74 6f 20 69 6e 73 70 65 63 74 20 69 6e 20 74 68 65 20 68 72 65 66 2e 22 7d 2c 22 71 75 65 72 79 50 61 72 61 6d 56 61 6c 75 65 49 73 48 72 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ef"],"description":"The extraction method to use for the query."},"options":{"type":"object","required":["queryParamKey"],"properties":{"queryParamKey":{"type":"string","description":"The query parameter key to inspect in the href."},"queryParamValueIsHre
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC1390INData Raw: 76 65 6e 74 20 74 6f 20 6c 69 73 74 65 6e 20 66 6f 72 2e 20 43 75 73 74 6f 6d 20 65 76 65 6e 74 73 2c 20 65 73 70 65 63 69 61 6c 6c 79 20 74 68 6f 73 65 20 77 69 74 68 20 73 70 65 63 69 61 6c 20 6c 6f 67 69 63 20 6c 69 6b 65 20 6b 65 79 64 6f 77 6e 45 6e 74 65 72 2c 20 63 61 6e 20 62 65 20 75 73 65 64 20 69 66 20 74 68 65 20 44 65 73 6b 74 6f 70 20 63 6f 64 65 20 68 61 73 20 62 65 65 6e 20 75 70 64 61 74 65 64 2e 22 7d 7d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 45 76 65 6e 74 20 6c 69 73 74 65 6e 65 72 73 20 61 74 74 61 63 68 65 64 20 74 6f 20 61 20 63 6f 6d 70 6f 6e 65 6e 74 2e 22 7d 2c 22 65 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 24 72 65 66 22 3a 22 23 2f 64 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: vent to listen for. Custom events, especially those with special logic like keydownEnter, can be used if the Desktop code has been updated."}},"description":"Event listeners attached to a component."},"eventListeners":{"type":"array","items":{"$ref":"#/de


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                80192.168.2.74997234.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:47 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/2c87525f-9d8e-48bf-a4ce-1f929c072dc6 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:27:04 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 731
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:47 UTC731OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff ad 54 4d 8f db 36 10 fd 2f bc 66 c7 25 29 ea cb b7 1c 82 a2 87 b6 40 bc 45 2f 01 04 8a 1c d9 44 64 4a 21 a9 f5 6e 82 fc f7 0c 65 c7 d9 64 9d 4b 10 40 10 88 99 c7 c7 c7 c7 99 f9 c4 66 e7 f7 9d f3 c3 c4 b6 9f 58 c4 0f 6c 2b f9 1d 8b 49 87 d4 25 77 44 b6 65 92 cb 02 04 07 5e de f3 66 ab c4 2b 2e b6 9c b3 3b 86 de 3e c3 28 10 12 78 7d 2f c4 56 56 04 be 60 1e 67 0c 84 f1 29 e6 13 8e ee 11 2d 98 c9 27 8a c0 88 0f 38 82 84 30 8d 23 4c 4b 82 80 23 ea 88 20 44 91 d1 7d d0 de 1c 88 3e 6f 20 d0 ca 97 82 ce b9 f4 34 e7 83 bd 3b f6 4b 5c 19 88 60 15 95 d7 f9 c0 bf 2c e5 ad b6 ba 2a 8d 02 3d 14 15 28 6d 06 e8 87 52 40 35 e8 c2 a0 ae 0d 2d d8 e7 cf 2b 31 fa e8 26 1f e1 e8 f6 41 27 5a 82 a3 ef 38 4f 21 c1 c9 7d d4 c1 92 b0 ea 7a d6 ef 11 38
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: TM6/f%)@E/DdJ!nedK@fXl+I%wDe^f+.;>(x}/VV`g)-'80#LK# D}>o 4;K\`,*=(mR@5-+1&A'Z8O!}z8
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:48 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                81192.168.2.74997834.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:49 UTC411OUTGET /v1/buckets/main/collections/password-rules/changeset?_expected=1731438148174&_since=%221679600032742%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 25097
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:00:15 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 1235
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Thu, 05 Dec 2024 00:00:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 33 30 63 71 6c 31 66 64 75 75 79 74 77 32 37 73 78 64 30 35 37 67 71 65 6c 66 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 6c 59
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"signature":{"ref":"30cql1fduuytw27sxd057gqelf","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"lY
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 3b 22 2c 22 69 64 22 3a 22 66 64 64 65 32 31 34 65 2d 39 63 66 30 2d 34 65 38 65 2d 62 65 62 39 2d 61 33 65 66 39 33 66 34 32 38 39 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 31 37 34 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 61 65 6f 6e 2e 63 6f 2e 6a 70 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 38 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 38 3b 20 6d 61 78 2d 63 6f 6e 73 65 63 75 74 69 76 65 3a 20 33 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 2c 6c 6f 77 65 72 2c 5b 23 24 2b 2e 2f 3a 3d 3f 40 5b 5e 5f 7c 7e 5d 5d 3b 22 2c 22 69 64 22 3a 22 38 34 33 31 32 33 64 62 2d 65 65 34 38 2d 34 36 62 31 2d 61 31 65 62
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ;","id":"fdde214e-9cf0-4e8e-beb9-a3ef93f42890","last_modified":1731438148174},{"Domain":"aeon.co.jp","password-rules":"minlength: 8; maxlength: 8; max-consecutive: 3; required: digit; required: upper,lower,[#$+./:=?@[^_|~]];","id":"843123db-ee48-46b1-a1eb
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 31 34 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 40 24 21 25 2a 3f 26 5d 3b 22 2c 22 69 64 22 3a 22 31 64 37 65 66 35 34 39 2d 63 31 62 63 2d 34 31 63 61 2d 38 62 31 36 2d 30 38 35 65 66 62 66 32 34 64 38 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 31 34 39 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 61 70 70 6c 65 6c 6f 61 6e 2e 63 69 74 69 7a 65 6e 73 62 61 6e 6b 2e 63 6f 6d 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 31 30 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 32 30 3b 20 6d 61 78
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ; maxlength: 14; required: lower; required: upper; required: digit; required: [@$!%*?&];","id":"1d7ef549-c1bc-41ca-8b16-085efbf24d83","last_modified":1731438148149},{"Domain":"appleloan.citizensbank.com","password-rules":"minlength: 10; maxlength: 20; max
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 64 22 3a 31 37 33 31 34 33 38 31 34 38 31 33 31 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 63 68 61 72 6c 69 65 2e 6d 62 74 61 2e 63 6f 6d 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 31 30 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 21 23 24 25 40 5e 5d 3b 22 2c 22 69 64 22 3a 22 35 30 66 38 35 35 63 66 2d 31 62 64 36 2d 34 33 30 39 2d 39 32 66 38 2d 64 62 63 61 32 35 37 35 31 34 30 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 31 32 38 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 63 6c 61 72 6b 73 6f 6e 65 79 65 63 61 72 65 2e 63
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: d":1731438148131},{"Domain":"charlie.mbta.com","password-rules":"minlength: 10; required: lower; required: upper; required: digit; required: [!#$%@^];","id":"50f855cf-1bd6-4309-92f8-dbca2575140b","last_modified":1731438148128},{"Domain":"clarksoneyecare.c
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 30 63 31 34 65 38 33 2d 63 65 38 62 2d 34 31 32 62 2d 38 63 64 39 2d 65 64 32 33 62 38 65 63 62 32 64 39 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 31 31 30 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 65 64 69 73 74 72 69 63 74 2e 6b 65 72 61 6c 61 2e 67 6f 76 2e 69 6e 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 35 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 31 35 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 21 40 23 24 5d 3b 22 2c 22 69 64 22 3a 22 66 62 62 39 36 37 62 34 2d 38 38 31 62 2d 34 65 61 63 2d 61 37 64 30 2d 61 39 64 36
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 0c14e83-ce8b-412b-8cd9-ed23b8ecb2d9","last_modified":1731438148110},{"Domain":"edistrict.kerala.gov.in","password-rules":"minlength: 5; maxlength: 15; required: lower; required: upper; required: digit; required: [!@#$];","id":"fbb967b4-881b-4eac-a7d0-a9d6
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 20 6d 61 78 6c 65 6e 67 74 68 3a 20 33 30 3b 20 6d 61 78 2d 63 6f 6e 73 65 63 75 74 69 76 65 3a 20 33 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 23 24 25 5e 26 21 40 5d 3b 22 2c 22 69 64 22 3a 22 30 32 31 36 31 36 64 63 2d 32 36 36 34 2d 34 30 38 36 2d 61 33 31 35 2d 37 33 66 38 33 35 39 31 39 63 31 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 30 38 38 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 68 65 72 74 7a 2d 6b 75 77 61 69 74 2e 63 6f 6d 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 38 3b 20 6d 61 78 6c 65 6e 67 74 68 3a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];","id":"021616dc-2664-4086-a315-73f835919c15","last_modified":1731438148088},{"Domain":"hertz-kuwait.com","password-rules":"minlength: 8; maxlength:
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 68 65 72 74 7a 2e 63 61 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 38 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 33 30 3b 20 6d 61 78 2d 63 6f 6e 73 65 63 75 74 69 76 65 3a 20 33 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 23 24 25 5e 26 21 40 5d 3b 22 2c 22 69 64 22 3a 22 63 39 34 65 36 31 64 62 2d 62 39 33 30 2d 34 62 62 62 2d 39 39 63 35 2d 32 35 36 65 64 32 61 38 62 66 61 36 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 30 36 39 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 68 65 72 74 7a 2e 63 68 22 2c 22 70 61 73 73 77 6f 72 64
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: hertz.ca","password-rules":"minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];","id":"c94e61db-b930-4bbb-99c5-256ed2a8bfa6","last_modified":1731438148069},{"Domain":"hertz.ch","password
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 30 35 32 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 68 65 72 74 7a 2e 63 6f 2e 6e 7a 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 38 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 33 30 3b 20 6d 61 78 2d 63 6f 6e 73 65 63 75 74 69 76 65 3a 20 33 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 23 24 25 5e 26 21 40 5d 3b 22 2c 22 69 64 22 3a 22 33 66 33 64 30 31 33 36 2d 61 33 63 36 2d 34 37 32 32 2d 39 62 34 38 2d 30 30 34 38 66 66 31 39 35 38 36 63 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: odified":1731438148052},{"Domain":"hertz.co.nz","password-rules":"minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];","id":"3f3d0136-a3c6-4722-9b48-0048ff19586c","last_modified":1731438
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 3a 22 62 36 65 65 39 35 39 39 2d 62 30 62 66 2d 34 62 35 66 2d 62 64 33 66 2d 66 62 39 31 38 38 35 61 62 65 62 39 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 30 33 32 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 68 65 72 74 7a 2e 63 6f 6d 2e 6b 77 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 38 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 33 30 3b 20 6d 61 78 2d 63 6f 6e 73 65 63 75 74 69 76 65 3a 20 33 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 23 24 25 5e 26 21 40 5d 3b 22 2c 22 69 64 22 3a 22 34 31 66 61 65 30 34 66 2d 36 66 61 65
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: :"b6ee9599-b0bf-4b5f-bd3f-fb91885abeb9","last_modified":1731438148032},{"Domain":"hertz.com.kw","password-rules":"minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: digit; required: [#$%^&!@];","id":"41fae04f-6fae
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC1390INData Raw: 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69 67 69 74 3b 20 72 65 71 75 69 72 65 64 3a 20 5b 23 24 25 5e 26 21 40 5d 3b 22 2c 22 69 64 22 3a 22 31 35 34 33 37 35 35 38 2d 32 35 36 37 2d 34 64 35 34 2d 38 62 38 38 2d 39 32 63 63 30 39 62 66 38 35 38 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 31 34 33 38 31 34 38 30 31 33 7d 2c 7b 22 44 6f 6d 61 69 6e 22 3a 22 68 65 72 74 7a 2e 63 76 22 2c 22 70 61 73 73 77 6f 72 64 2d 72 75 6c 65 73 22 3a 22 6d 69 6e 6c 65 6e 67 74 68 3a 20 38 3b 20 6d 61 78 6c 65 6e 67 74 68 3a 20 33 30 3b 20 6d 61 78 2d 63 6f 6e 73 65 63 75 74 69 76 65 3a 20 33 3b 20 72 65 71 75 69 72 65 64 3a 20 6c 6f 77 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 75 70 70 65 72 3b 20 72 65 71 75 69 72 65 64 3a 20 64 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: upper; required: digit; required: [#$%^&!@];","id":"15437558-2567-4d54-8b88-92cc09bf858b","last_modified":1731438148013},{"Domain":"hertz.cv","password-rules":"minlength: 8; maxlength: 30; max-consecutive: 3; required: lower; required: upper; required: di


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                82192.168.2.74997934.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC628OUTPOST /submit/firefox-desktop/messaging-system/1/713c9500-f587-4e6c-82b5-e8158036c7af HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:27:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 730
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:50 UTC730OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 9d 54 4b 8f db 36 10 fe 2f bc 66 c7 25 29 ea e5 5b 0e 41 d1 43 5b 20 4e d1 4b 00 61 44 52 36 51 89 52 49 6a bd db 20 ff bd 43 d9 d9 2c b2 46 5e 80 60 d0 33 df cc 7c f3 fc c0 16 e7 8f 9d f3 c3 cc f6 1f 58 b4 ff b2 bd 14 77 2c 26 0c a9 4b 6e b2 6c cf 24 97 0a 84 04 5e bf 13 62 2f 2b e0 e5 9e 73 76 c7 ac 37 df c6 3c 2c 36 10 c6 a7 98 23 e8 78 0f 6e 5a e6 90 20 d8 d1 62 b4 10 e6 71 9c d7 94 b5 7d 40 af 4f e4 ce 7a ec 47 0b 9f d1 9b a7 14 30 a3 d2 e3 92 43 7a 37 f5 6b 7c 32 cf 74 f2 3b 87 fa cd 90 de 08 a5 b5 96 03 f0 a2 e8 41 b5 ba 06 94 96 83 a9 51 aa da 16 5c 0e 82 7d fc b8 39 b6 3e ba d9 47 98 dc 31 60 a2 27 38 ff 89 e7 d9 fd 87 c1 80 10 d5 4d aa 7a f6 89 e4 cf 09 7e 41 64 90 43 63 7a a1 c1 68 2e 41 09 dd 40 5f 98 0a 44 29 b1
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: TK6/f%)[AC[ NKaDR6QRIj C,F^`3|Xw,&Knl$^b/+sv7<,6#xnZ bq}@OzG0Cz7k|2t;AQ\}9>G1`'8Mz~AdCczh.A@_D)
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:51 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:50 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                83192.168.2.74998334.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:52 UTC414OUTGET /v1/buckets/main/collections/translations-wasm/changeset?_expected=1733343786142&_since=%221681500422552%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:52 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 2691
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:23:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3461
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Wed, 04 Dec 2024 20:23:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:52 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 6e 61 6d 65 22 2c 22 72 65 6c 65 61 73 65 22 2c 22 72 65 76 69 73 69 6f 6e 22 2c 22 6c 69 63 65 6e 73 65 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 2c 22 6e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 70 72 6f 6a 65 63 74 2c 20 65 2e 67 2e 20 62 65 72 67 61 6d 6f 74 2d 74 72 61 6e 73 6c 61 74 6f 72 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["name","release","revision","license"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the project, e.g. bergamot-translator"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:52 UTC1390INData Raw: 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 68 4a 78 32 66 36 4a 32 31 58 7a 51 6f 67 65 67 59 50 4f 2d 68 5f 70 69 6e 68 53 6d 32 34 69 32 6e 4b 6a 31 4d 36 77 67 4e 39 4a 39 55 6a 46 4c 59 44 49 31 55 72 6e 53 36 39 4e 50 56 6f 66 66 73 63 5f 38 62 4a 4b 76 43 59 5f 38 4e 4e 61 5a 73 58 6f 7a 77 62 2d 36 64 38 4c 31 67 33 72 6a 79 61 6d 59 37 54 5a 4b 63 64 78 63 43 72 46 46 66 33 49 35 62 74 73 7a 44
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"hJx2f6J21XzQogegYPO-h_pinhSm24i2nKj1M6wgN9J9UjFLYDI1UrnS69NPVoffsc_8bJKvCY_8NNaZsXozwb-6d8L1g3rjyamY7TZKcdxcCrFFf3I5btszD
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:52 UTC468INData Raw: 22 76 30 2e 34 2e 35 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 31 22 2c 22 72 65 76 69 73 69 6f 6e 22 3a 22 30 35 61 38 37 37 38 34 39 37 33 62 36 65 31 63 63 35 39 31 66 31 66 31 61 39 61 30 35 63 35 38 37 33 64 39 39 37 31 65 22 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 39 62 66 62 34 63 63 39 64 63 31 37 36 63 37 63 62 61 61 36 62 32 38 39 30 64 39 66 36 38 36 38 63 30 61 64 61 36 66 34 34 31 36 38 61 30 62 62 30 39 30 33 64 62 66 62 38 38 32 37 38 64 39 32 22 2c 22 73 69 7a 65 22 3a 35 31 38 38 38 37 32 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 62 65 72 67 61 6d 6f 74 2d 74 72 61 6e 73 6c 61 74 6f 72 2d 77 6f 72 6b 65 72 2e 77 61 73 6d 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 74
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: "v0.4.5","version":"1.1","revision":"05a87784973b6e1cc591f1f1a9a05c5873d9971e","attachment":{"hash":"9bfb4cc9dc176c7cbaa6b2890d9f6868c0ada6f44168a0bb0903dbfb88278d92","size":5188872,"filename":"bergamot-translator-worker.wasm","location":"main-workspace/t


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                84192.168.2.74998534.120.208.1234437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:52 UTC618OUTPOST /submit/firefox-desktop/newtab/1/6db12043-3902-4d45-8c5d-d992fbf6d4e7 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: incoming.telemetry.mozilla.org
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 16:27:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                content-encoding: gzip
                                                                                                                                                                                                                                                                                                                                                                                                                content-length: 452
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                x-telemetry-agent: Glean/53.2.0 (Rust on Windows)
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:52 UTC452OUTData Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 92 d1 6e a3 30 10 45 ff c5 af 05 64 13 48 08 bf b1 5d ed c3 6a 65 19 18 12 ab c6 a6 1e b3 d9 a8 e2 df 77 0c 29 69 ab aa 95 10 c8 e3 3b 73 8f af 79 61 a3 b6 27 a9 6d ef 58 fd c2 10 9e 59 2d 12 86 41 f9 20 83 1e 80 d5 2c e7 f9 2e 15 3c e5 e5 23 af ea 42 3c 70 51 73 ce 12 06 b6 fb 56 e3 41 a1 b3 a4 68 dd 30 3a 0b 36 90 99 0e 6c 4e 58 6b f4 ba 5c bd 03 18 18 20 f8 ab c4 ee 49 36 93 36 1d b5 95 bb 2c cf e2 a0 a5 20 3b 15 a2 9d 38 1e c8 4b d0 f3 c8 79 bd 3c 0f cb 9b 84 bd f6 18 a4 9f ec ab f8 ce b6 51 5d b4 ed dc 05 57 17 69 a7 a1 01 4f 07 3f f2 a2 4c 98 43 f9 17 3c ea 05 5b f0 c5 5d 8d e3 86 14 e7 f1 63 7e c8 77 79 99 57 b7 cd f6 ac ac 05 43 db 9e ce a1 10 62 dd b7 67 1d a0 0d 93 8f 1c ff aa bd dc 17 37 7d a7 71 34 ea fa d6 49
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: n0EdH]jew)i;sya'mXY-A ,.<#B<pQsVAh0:6lNXk\ I66, ;8Ky<Q]WiO?LC<[]c~wyWCbg7}q4I
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:53 UTC662INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: openresty
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:20:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Max-Age: 1728000
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                85192.168.2.74998834.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:53 UTC380OUTGET /v1/buckets/main/collections/sites-classification?_expected=1544035467383 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:54 UTC631INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 661
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Last-Modified, ETag, Content-Type, Cache-Control, Pragma, Expires, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:08:13 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 761
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "1733011218718"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:54 UTC661INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 61 32 6f 74 69 69 6d 61 32 6b 65 68 33 62 65 6d 6f 71 78 79 37 64 75 78 6e 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"permissions":{},"data":{"signature":{"ref":"a2otiima2keh3bemoqxy7duxn","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","si


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                86192.168.2.74999334.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:56 UTC388OUTGET /v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:57 UTC632INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 933
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Last-Modified, Alert, Content-Length, Content-Type, ETag, Pragma, Backoff, Retry-After, Expires, Cache-Control
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:47:17 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2019
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "1733011218006"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:57 UTC758INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 74 6f 6b 65 6e 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 74 6f 6b 65 6e 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 54 6f 6b 65 6e 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6b 65 6e 20 75 73 65 64 20 69 6e 20 55 52 4c 22 7d 7d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 6f 6b 65 6e 73 20 75 73 65 64 20 69 6e 20 55 52 4c 20 64 65 63 6f 72 61 74 69 6f 6e 20 73 61 6e 69 74 69 7a 61 74 69 6f 6e 20 66 65 61 74 75 72 65 20 6f 66 20 74 68 65 20 61 6e 74 69 2d 74 72 61 63 6b 69 6e 67 20 63 6f 6d 70
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"permissions":{},"data":{"schema":{"type":"object","required":["token"],"properties":{"token":{"type":"string","title":"Token","description":"Token used in URL"}},"description":"Tokens used in URL decoration sanitization feature of the anti-tracking comp
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:57 UTC175INData Raw: 2b 55 45 4e 37 6a 79 4d 76 4c 35 38 4c 68 33 58 55 55 65 65 70 65 62 53 6f 4d 67 66 75 59 50 51 46 30 4c 55 41 69 77 71 4c 58 54 37 56 67 58 2b 67 61 57 65 57 46 49 30 37 44 66 6c 6b 66 7a 50 4a 51 79 4f 45 32 46 59 6d 76 44 65 7a 36 72 22 7d 2c 22 64 69 73 70 6c 61 79 46 69 65 6c 64 73 22 3a 5b 22 74 6f 6b 65 6e 22 5d 2c 22 69 64 22 3a 22 61 6e 74 69 2d 74 72 61 63 6b 69 6e 67 2d 75 72 6c 2d 64 65 63 6f 72 61 74 69 6f 6e 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 33 33 30 31 31 32 31 38 30 30 36 7d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: +UEN7jyMvL58Lh3XUUeepebSoMgfuYPQF0LUAiwqLXT7VgX+gaWeWFI07DflkfzPJQyOE2FYmvDez6r"},"displayFields":["token"],"id":"anti-tracking-url-decoration","last_modified":1733011218006}}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                87192.168.2.74999834.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:58 UTC393OUTGET /v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC558INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 11606
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:29:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3065
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC832INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 61 64 64 6f 6e 5f 69 64 22 2c 22 69 63 6f 6e 73 22 2c 22 76 65 72 73 69 6f 6e 22 2c 22 73 6f 75 72 63 65 55 52 49 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 2c 22 70 72 69 76 61 63 79 50 6f 6c 69 63 79 22 2c 22 73 74 75 64 79 54 79 70 65 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 2c 22 64 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 44 65 74 61 69 6c 73 22 2c 22 61 75 74 68 6f 72 73 22 2c 22 69 73 44 65 66 61 75 6c 74 22 2c 22 73 74 75 64 79 45 6e 64 65 64 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 63 6f 6e 73 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"schema":{"type":"object","required":["addon_id","icons","version","sourceURI","description","privacyPolicy","studyType","moreInfo","dataCollectionDetails","authors","isDefault","studyEnded"],"properties":{"icons":{"type":"object","properties
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1390INData Raw: 22 3a 22 73 74 72 69 6e 67 22 7d 2c 22 70 72 69 76 61 63 79 50 6f 6c 69 63 79 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 73 70 65 63 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 7d 7d 2c 22 64 61 74 61 43 6f 6c 6c 65 63 74 69 6f 6e 44 65 74 61 69 6c 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 63 6f 6c 6c 65 63 74 69 6f 6e 44 65 74 61 69 6c 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 7d 7d 7d 7d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 33 64 32 66 65 39 34 6a 63 6d 31 66 61 32 66 6d 61 75 6b 39 75 31 68 68 6f 79 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ":"string"},"privacyPolicy":{"type":"object","properties":{"spec":{"type":"string"}}},"dataCollectionDetails":{"type":"array","properties":{"collectionDetail":{"type":"string"}}}}},"signature":{"ref":"3d2fe94jcm1fa2fmauk9u1hhoy","x5u":"https://content-sig
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1390INData Raw: 22 6d 6f 72 65 49 6e 66 6f 22 3a 7b 7d 7d 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 2e 31 22 2c 22 61 64 64 6f 6e 5f 69 64 22 3a 22 6e 65 77 73 2e 73 74 75 64 79 40 70 72 69 6e 63 65 74 6f 6e 2e 65 64 75 22 2c 22 6d 6f 72 65 49 6e 66 6f 22 3a 7b 22 73 70 65 63 22 3a 22 68 74 74 70 73 3a 2f 2f 65 78 61 6d 70 6c 65 2e 63 6f 6d 22 7d 2c 22 69 73 44 65 66 61 75 6c 74 22 3a 66 61 6c 73 65 2c 22 73 6f 75 72 63 65 55 52 49 22 3a 7b 22 73 70 65 63 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6f 6e 2d 65 78 74 65 6e 73 69 6f 6e 2e 70 72 6f 64 2e 64 61 74 61 6f 70 73 2e 6d 6f 7a 67 63 70 2e 6e 65 74 2f 6e 65 77 73 2d 64 69 73 69 6e 66 6f 72 6d 61 74 69 6f 6e 2d 73 74 75 64 79 2d 31 2e 32 2e 31 2e 78 70 69 22 7d 2c 22 73 74 75 64 79 54 79 70 65 22 3a 22 65 78 74 65 6e 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: "moreInfo":{}},"version":"1.2.1","addon_id":"news.study@princeton.edu","moreInfo":{"spec":"https://example.com"},"isDefault":false,"sourceURI":{"spec":"https://ion-extension.prod.dataops.mozgcp.net/news-disinformation-study-1.2.1.xpi"},"studyType":"extens
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1390INData Raw: 44 38 33 35 5c 75 44 44 46 39 5c 75 44 38 33 35 5c 75 44 44 46 36 5c 75 44 38 33 35 5c 75 44 45 30 31 5c 75 44 38 33 35 5c 75 44 44 46 36 5c 75 44 38 33 35 5c 75 44 44 46 30 5c 75 44 38 33 35 5c 75 44 44 45 45 5c 75 44 38 33 35 5c 75 44 44 46 39 20 5c 75 44 38 33 35 5c 75 44 44 45 45 5c 75 44 38 33 35 5c 75 44 44 46 42 5c 75 44 38 33 35 5c 75 44 44 46 31 20 5c 75 44 38 33 35 5c 75 44 44 44 36 5c 75 44 38 33 35 5c 75 44 44 45 32 5c 75 44 38 33 35 5c 75 44 44 45 39 5c 75 44 38 33 35 5c 75 44 44 44 43 5c 75 44 38 33 35 5c 75 44 44 44 37 2d 31 39 20 5c 75 44 38 33 35 5c 75 44 44 44 43 5c 75 44 38 33 35 5c 75 44 44 46 42 5c 75 44 38 33 35 5c 75 44 44 46 33 5c 75 44 38 33 35 5c 75 44 44 46 43 5c 75 44 38 33 35 5c 75 44 44 46 46 5c 75 44 38 33 35 5c 75 44 44 46
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: D835\uDDF9\uD835\uDDF6\uD835\uDE01\uD835\uDDF6\uD835\uDDF0\uD835\uDDEE\uD835\uDDF9 \uD835\uDDEE\uD835\uDDFB\uD835\uDDF1 \uD835\uDDD6\uD835\uDDE2\uD835\uDDE9\uD835\uDDDC\uD835\uDDD7-19 \uD835\uDDDC\uD835\uDDFB\uD835\uDDF3\uD835\uDDFC\uD835\uDDFF\uD835\uDDF
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1390INData Raw: 68 72 6f 75 67 68 20 6f 70 74 69 6f 6e 61 6c 20 73 75 72 76 65 79 73 20 6f 66 66 65 72 65 64 20 62 79 20 50 72 69 6e 63 65 74 6f 6e 2e 20 54 68 65 20 73 65 63 74 69 6f 6e 20 62 65 6c 6f 77 20 64 65 73 63 72 69 62 65 73 20 68 6f 77 20 74 68 65 73 65 20 74 77 6f 20 70 61 72 74 73 20 77 6f 72 6b 2e 5c 6e 5c 75 44 38 33 35 5c 75 44 45 31 42 5c 75 44 38 33 35 5c 75 44 45 32 39 5c 75 44 38 33 35 5c 75 44 45 32 36 20 5c 75 44 38 33 35 5c 75 44 45 31 41 5c 75 44 38 33 35 5c 75 44 45 33 35 5c 75 44 38 33 35 5c 75 44 45 33 36 5c 75 44 38 33 35 5c 75 44 45 32 35 5c 75 44 38 33 35 5c 75 44 45 33 41 20 5c 75 44 38 33 35 5c 75 44 45 32 32 5c 75 44 38 33 35 5c 75 44 45 32 35 5c 75 44 38 33 35 5c 75 44 45 32 35 2d 5c 75 44 38 33 35 5c 75 44 45 33 30 5c 75 44 38 33 35 5c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: hrough optional surveys offered by Princeton. The section below describes how these two parts work.\n\uD835\uDE1B\uD835\uDE29\uD835\uDE26 \uD835\uDE1A\uD835\uDE35\uD835\uDE36\uD835\uDE25\uD835\uDE3A \uD835\uDE22\uD835\uDE25\uD835\uDE25-\uD835\uDE30\uD835\
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1390INData Raw: 75 20 76 69 73 69 74 20 61 20 6e 65 77 73 20 6f 75 74 6c 65 74 5c 75 32 30 31 39 73 20 73 6f 63 69 61 6c 20 6d 65 64 69 61 20 61 63 63 6f 75 6e 74 2c 20 4d 6f 7a 69 6c 6c 61 20 77 69 6c 6c 20 63 6f 6c 6c 65 63 74 20 67 65 6e 65 72 61 6c 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 76 69 73 69 74 2e 20 54 68 69 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 64 6f 65 73 20 6e 6f 74 20 69 6e 63 6c 75 64 65 20 77 68 61 74 20 63 6f 6e 74 65 6e 74 20 79 6f 75 20 76 69 65 77 65 64 2c 20 62 75 74 20 64 6f 65 73 20 69 6e 63 6c 75 64 65 20 74 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 73 6f 63 69 61 6c 20 6d 65 64 69 61 20 61 63 63 6f 75 6e 74 2c 20 6c 69 6b 65 20 40 6e 79 74 69 6d 65 73 20 6f 72 20 40 46 6f 78 4e 65 77 73 20 6f 6e 20 54 77 69
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: u visit a news outlet\u2019s social media account, Mozilla will collect general information about the visit. This information does not include what content you viewed, but does include the name of the social media account, like @nytimes or @FoxNews on Twi
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1390INData Raw: 5c 75 44 44 46 36 5c 75 44 38 33 35 5c 75 44 44 46 30 20 5c 75 44 38 33 35 5c 75 44 44 46 31 5c 75 44 38 33 35 5c 75 44 44 45 45 5c 75 44 38 33 35 5c 75 44 45 30 31 5c 75 44 38 33 35 5c 75 44 44 45 45 3a 20 49 66 20 79 6f 75 20 63 6f 6d 70 6c 65 74 65 20 61 20 50 72 69 6e 63 65 74 6f 6e 2d 61 64 6d 69 6e 69 73 74 65 72 65 64 20 53 75 72 76 65 79 2c 20 4d 6f 7a 69 6c 6c 61 20 77 69 6c 6c 20 72 65 63 65 69 76 65 20 61 20 63 6f 70 79 20 6f 66 20 79 6f 75 72 20 72 65 73 70 6f 6e 73 65 73 20 69 6e 63 6c 75 64 69 6e 67 20 79 6f 75 72 20 64 65 6d 6f 67 72 61 70 68 69 63 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3b 20 6c 69 6b 65 20 79 6f 75 72 20 61 67 65 2c 20 67 65 6e 64 65 72 2c 20 65 64 75 63 61 74 69 6f 6e 20 6c 65 76 65 6c 2c 20 76 6f 74 65 72 20 72 65 67 69 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: \uDDF6\uD835\uDDF0 \uD835\uDDF1\uD835\uDDEE\uD835\uDE01\uD835\uDDEE: If you complete a Princeton-administered Survey, Mozilla will receive a copy of your responses including your demographic information; like your age, gender, education level, voter regis
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1390INData Raw: 75 44 44 45 33 29 3a 20 57 65 20 75 73 65 20 47 43 50 20 61 73 20 6f 75 72 20 63 6c 6f 75 64 2d 73 74 6f 72 61 67 65 20 73 65 72 76 69 63 65 2e 20 4d 6f 7a 69 6c 6c 61 20 68 61 73 20 63 6f 6e 74 72 61 63 74 65 64 20 77 69 74 68 20 47 43 50 20 72 65 71 75 69 72 69 6e 67 20 74 68 65 6d 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 64 61 74 61 20 69 6e 20 77 61 79 73 20 74 68 61 74 20 61 72 65 20 61 70 70 72 6f 76 65 64 20 62 79 20 75 73 2e 5c 6e 5c 6e 5c 75 44 38 33 35 5c 75 44 44 45 33 5c 75 44 38 33 35 5c 75 44 44 46 46 5c 75 44 38 33 35 5c 75 44 44 46 36 5c 75 44 38 33 35 5c 75 44 44 46 42 5c 75 44 38 33 35 5c 75 44 44 46 30 5c 75 44 38 33 35 5c 75 44 44 46 32 5c 75 44 38 33 35 5c 75 44 45 30 31 5c 75 44 38 33 35 5c 75 44 44 46 43 5c 75 44 38 33 35 5c 75
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: uDDE3): We use GCP as our cloud-storage service. Mozilla has contracted with GCP requiring them to handle the data in ways that are approved by us.\n\n\uD835\uDDE3\uD835\uDDFF\uD835\uDDF6\uD835\uDDFB\uD835\uDDF0\uD835\uDDF2\uD835\uDE01\uD835\uDDFC\uD835\u
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:20:59 UTC1044INData Raw: 65 20 73 74 75 64 79 20 61 64 64 2d 6f 6e 20 66 72 6f 6d 20 79 6f 75 72 20 62 72 6f 77 73 65 72 20 61 6e 64 20 79 6f 75 20 77 69 6c 6c 20 6e 6f 20 6c 6f 6e 67 65 72 20 62 65 20 61 62 6c 65 20 74 6f 20 64 65 6c 65 74 65 20 74 68 65 20 64 61 74 61 20 79 6f 75 5c 75 32 30 31 39 76 65 20 63 6f 6e 74 72 69 62 75 74 65 64 20 74 6f 20 74 68 65 20 73 74 75 64 79 2e 20 54 68 69 73 20 70 72 6f 74 65 63 74 73 20 74 68 65 20 69 6e 74 65 67 72 69 74 79 20 6f 66 20 74 68 65 20 72 65 73 65 61 72 63 68 2e 20 49 66 20 79 6f 75 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 6f 20 64 65 6c 65 74 65 20 79 6f 75 72 20 64 61 74 61 2c 20 70 6c 65 61 73 65 20 64 6f 20 73 6f 20 62 65 66 6f 72 65 20 74 68 65 20 73 74 75 64 79 20 63 6c 6f 73 65 73 2e 20 59 6f 75 20 6d 61 79 20 61 6c 73 6f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: e study add-on from your browser and you will no longer be able to delete the data you\u2019ve contributed to the study. This protects the integrity of the research. If you would like to delete your data, please do so before the study closes. You may also


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                88192.168.2.75000534.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:00 UTC410OUTGET /v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:01 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 3193
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:22:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3530
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:01 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 54 68 65 20 72 6f 6f 74 20 73 63 68 65 6d 61 22 2c 22 24 73 63 68 65 6d 61 22 3a 22 68 74 74 70 3a 2f 2f 6a 73 6f 6e 2d 73 63 68 65 6d 61 2e 6f 72 67 2f 64 72 61 66 74 2d 30 37 2f 73 63 68 65 6d 61 22 2c 22 64 65 66 61 75 6c 74 22 3a 7b 7d 2c 22 65 78 61 6d 70 6c 65 73 22 3a 5b 7b 22 69 64 22 3a 22 63 6c 6f 75 64 66 6c 61 72 65 2d 55 53 22 2c 22 75 72 69 22 3a 22 68 74 74 70 73 3a 2f 2f 6d 6f 7a 69 6c 6c 61 2e 63 6c 6f 75 64 66 6c 61 72 65 2d 64 6e 73 2e 63 6f 6d 2f 64 6e 73 2d 71 75 65 72 79 22 2c 22 55 49 4e 61 6d 65 22 3a 22 43 6c 6f 75 64
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"type":"object","title":"The root schema","$schema":"http://json-schema.org/draft-07/schema","default":{},"examples":[{"id":"cloudflare-US","uri":"https://mozilla.cloudflare-dns.com/dns-query","UIName":"Cloud
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:01 UTC1390INData Raw: 65 66 61 75 6c 74 22 3a 22 22 2c 22 65 78 61 6d 70 6c 65 73 22 3a 5b 22 43 6c 6f 75 64 66 6c 61 72 65 22 5d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 50 72 6f 76 69 64 65 72 20 6e 61 6d 65 20 74 6f 20 64 69 73 70 6c 61 79 20 69 6e 20 55 49 2e 20 50 72 6f 76 69 64 65 72 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 73 68 6f 77 6e 20 69 6e 20 55 49 20 69 66 20 6f 6d 69 74 74 65 64 22 7d 2c 22 61 75 74 6f 44 65 66 61 75 6c 74 22 3a 7b 22 24 69 64 22 3a 22 23 2f 70 72 6f 70 65 72 74 69 65 73 2f 61 75 74 6f 44 65 66 61 75 6c 74 22 2c 22 74 79 70 65 22 3a 22 62 6f 6f 6c 65 61 6e 22 2c 22 74 69 74 6c 65 22 3a 22 57 68 65 74 68 65 72 20 74 68 65 20 70 72 6f 76 69 64 65 72 20 70 61 72 74 69 63 69 70 61 74 65 73 20 69 6e 20 74 68 65 20 61 75 74 6f 2d 64 65 66 61 75
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: efault":"","examples":["Cloudflare"],"description":"Provider name to display in UI. Provider will not be shown in UI if omitted"},"autoDefault":{"$id":"#/properties/autoDefault","type":"boolean","title":"Whether the provider participates in the auto-defau
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:01 UTC970INData Raw: 35 34 39 37 32 32 31 30 37 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 75 72 69 22 3a 22 68 74 74 70 73 3a 2f 2f 64 6e 73 2e 73 68 61 77 2e 63 61 2f 64 6e 73 2d 71 75 65 72 79 22 2c 22 55 49 4e 61 6d 65 22 3a 22 53 68 61 77 22 2c 22 73 63 68 65 6d 61 22 3a 31 36 34 37 33 34 38 34 37 38 39 39 30 2c 22 61 75 74 6f 44 65 66 61 75 6c 74 22 3a 66 61 6c 73 65 2c 22 63 61 6e 6f 6e 69 63 61 6c 4e 61 6d 65 22 3a 22 64 6e 73 2e 73 68 61 77 2e 63 61 22 2c 22 69 64 22 3a 22 73 68 61 77 2d 43 41 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 34 37 35 34 39 37 32 32 31 30 37 7d 2c 7b 22 75 72 69 22 3a 22 68 74 74 70 73 3a 2f 2f 64 6f 68 2e 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 64 6e 73 2d 71 75 65 72 79 22 2c 22 6e 61 6d 65 22 3a 22 63 6f 6d 63 61 73 74 22 2c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: 549722107,"changes":[{"uri":"https://dns.shaw.ca/dns-query","UIName":"Shaw","schema":1647348478990,"autoDefault":false,"canonicalName":"dns.shaw.ca","id":"shaw-CA","last_modified":1647549722107},{"uri":"https://doh.xfinity.com/dns-query","name":"comcast",


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                89192.168.2.75000834.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:02 UTC407OUTGET /v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:02 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 4260
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:26:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3258
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:02 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 24 69 64 22 3a 22 68 74 74 70 3a 2f 2f 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 2e 6a 73 6f 6e 22 2c 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 54 68 65 20 72 6f 6f 74 20 73 63 68 65 6d 61 22 2c 22 24 73 63 68 65 6d 61 22 3a 22 68 74 74 70 3a 2f 2f 6a 73 6f 6e 2d 73 63 68 65 6d 61 2e 6f 72 67 2f 64 72 61 66 74 2d 30 37 2f 73 63 68 65 6d 61 22 2c 22 64 65 66 61 75 6c 74 22 3a 7b 7d 2c 22 65 78 61 6d 70 6c 65 73 22 3a 5b 7b 22 69 64 22 3a 22 55 53 22 2c 22 70 72 6f 76 69 64 65 72 73 22 3a 22 63 6c 6f 75 64 66 6c 61 72 65 2d 67 6c 6f 62 61 6c 2c 20 6e 65 78 74 64 6e 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"$id":"http://example.com/example.json","type":"object","title":"The root schema","$schema":"http://json-schema.org/draft-07/schema","default":{},"examples":[{"id":"US","providers":"cloudflare-global, nextdns
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:02 UTC1390INData Raw: 74 69 66 69 65 72 73 2c 20 72 65 66 65 72 65 6e 63 69 6e 67 20 64 6f 68 2d 70 72 6f 76 69 64 65 72 73 20 63 6f 6c 6c 65 63 74 69 6f 6e 22 7d 2c 22 72 6f 6c 6c 6f 75 74 45 6e 61 62 6c 65 64 22 3a 7b 22 24 69 64 22 3a 22 23 2f 70 72 6f 70 65 72 74 69 65 73 2f 72 6f 6c 6c 6f 75 74 45 6e 61 62 6c 65 64 22 2c 22 74 79 70 65 22 3a 22 62 6f 6f 6c 65 61 6e 22 2c 22 74 69 74 6c 65 22 3a 22 45 6e 61 62 6c 65 20 72 6f 6c 6c 6f 75 74 20 69 6e 20 74 68 69 73 20 72 65 67 69 6f 6e 22 2c 22 64 65 66 61 75 6c 74 22 3a 66 61 6c 73 65 2c 22 65 78 61 6d 70 6c 65 73 22 3a 5b 74 72 75 65 5d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 49 66 20 74 72 75 65 2c 20 63 6c 69 65 6e 74 73 20 69 6e 20 74 68 69 73 20 72 65 67 69 6f 6e 20 77 69 6c 6c 20 74 75 72 6e 20 44 6f 48 20 6f
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: tifiers, referencing doh-providers collection"},"rolloutEnabled":{"$id":"#/properties/rolloutEnabled","type":"boolean","title":"Enable rollout in this region","default":false,"examples":[true],"description":"If true, clients in this region will turn DoH o
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:02 UTC1390INData Raw: 72 75 65 7d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 31 67 31 37 76 6f 74 78 77 6c 75 6d 68 6c 37 76 32 6f 61 77 78 7a 73 39 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 48 4b 42 62 4c 33 6b 47 65 52 37 6a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: rue},"signature":{"ref":"1g17votxwlumhl7v2oawxzs9","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"HKBbL3kGeR7j
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:02 UTC647INData Raw: 74 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 73 74 65 65 72 69 6e 67 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 73 74 65 65 72 69 6e 67 50 72 6f 76 69 64 65 72 73 22 3a 22 73 68 61 77 2d 43 41 22 2c 22 61 75 74 6f 44 65 66 61 75 6c 74 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 61 75 74 6f 44 65 66 61 75 6c 74 50 72 6f 76 69 64 65 72 73 22 3a 22 22 2c 22 69 64 22 3a 22 43 41 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 34 37 35 34 39 37 38 39 33 33 39 7d 2c 7b 22 73 63 68 65 6d 61 22 3a 31 36 33 30 35 39 33 38 31 30 32 38 37 2c 22 70 72 6f 76 69 64 65 72 73 22 3a 22 63 6c 6f 75 64 66 6c 61 72 65 2d 67 6c 6f 62 61 6c 2c 20 6e 65 78 74 64 6e 73 2d 67 6c 6f 62 61 6c 22 2c 22 72 6f 6c 6c 6f 75 74 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: tEnabled":true,"steeringEnabled":true,"steeringProviders":"shaw-CA","autoDefaultEnabled":false,"autoDefaultProviders":"","id":"CA","last_modified":1647549789339},{"schema":1630593810287,"providers":"cloudflare-global, nextdns-global","rolloutEnabled":fals


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                90192.168.2.75001234.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:05 UTC376OUTGET /v1/buckets/main/collections/devtools-devices?_expected=1653469171354 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:05 UTC633INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1618
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Cache-Control, Expires, Content-Type, Content-Length, Backoff, Pragma, Last-Modified, ETag, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:46:03 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2102
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:08 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "1733011208244"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:05 UTC757INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 6e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 64 65 76 69 63 65 20 28 65 2e 67 2e 20 4e 65 78 75 73 20 35 58 2c 20 5c 75 32 30 32 36 29 22 7d 2c 22 74 6f 75 63 68 22 3a 7b 22 74 79 70 65 22 3a 22 62 6f 6f 6c 65 61 6e 22 2c 22 74 69 74 6c 65 22 3a 22 54 6f 75 63 68 20 53 63 72 65 65 6e 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","properties":{"name":{"type":"string","title":"Name","description":"The name of the device (e.g. Nexus 5X, \u2026)"},"touch":{"type":"boolean","title":"Touch Screen","description"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:05 UTC861INData Raw: 76 69 63 65 22 7d 2c 22 70 69 78 65 6c 52 61 74 69 6f 22 3a 7b 22 74 79 70 65 22 3a 22 6e 75 6d 62 65 72 22 2c 22 74 69 74 6c 65 22 3a 22 44 50 52 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 50 69 78 65 6c 20 72 61 74 69 6f 20 6f 66 20 74 68 65 20 64 65 76 69 63 65 22 7d 7d 7d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 31 38 37 68 63 6d 79 77 37 35 6a 7a 33 76 66 79 6b 38 74 69 68 65 37 78 69 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: vice"},"pixelRatio":{"type":"number","title":"DPR","description":"Pixel ratio of the device"}}},"signature":{"ref":"187hcmyw75jz3vfyk8tihe7xi","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                91192.168.2.75001434.107.243.934437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:05 UTC604OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: push.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                                                                                                                                                                                                                Origin: wss://push.services.mozilla.com/
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Protocol: push-notification
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-WebSocket-Key: Kjb8+3nyJX+drhwrloJVYQ==
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive, Upgrade
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:06 UTC220INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 81
                                                                                                                                                                                                                                                                                                                                                                                                                content-type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                date: Sat, 07 Dec 2024 15:21:05 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:06 UTC81INData Raw: 7b 22 63 6f 64 65 22 3a 35 30 30 2c 22 65 72 72 6e 6f 22 3a 35 30 30 2c 22 65 72 72 6f 72 22 3a 22 41 63 74 69 78 20 57 65 62 20 65 72 72 6f 72 3a 20 57 65 62 53 6f 63 6b 65 74 20 75 70 67 72 61 64 65 20 69 73 20 65 78 70 65 63 74 65 64 22 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"code":500,"errno":500,"error":"Actix Web error: WebSocket upgrade is expected"}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                92192.168.2.75001934.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:06 UTC381OUTGET /v1/buckets/main/collections/language-dictionaries?_expected=1673270322227 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:07 UTC633INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1093
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Last-Modified, Alert, Content-Length, Content-Type, ETag, Pragma, Backoff, Retry-After, Expires, Cache-Control
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:54:28 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 1599
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "1733011207462"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:07 UTC757INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 69 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 4c 61 6e 67 75 61 67 65 20 64 69 63 74 69 6f 6e 61 72 69 65 73 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 69 64 22 2c 22 64 69 63 74 69 6f 6e 61 72 69 65 73 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4c 61 6e 67 75 61 67 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 49 64 65 6e 74 69 66 69 65 72 20 28 65 67 2e 20 5c 22 65 73 2d 41 52 5c 22 29 2e 22 7d 2c 22 64 69 63 74 69 6f 6e 61 72 69 65 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"permissions":{},"data":{"sort":"id","schema":{"type":"object","title":"Language dictionaries","required":["id","dictionaries"],"properties":{"id":{"type":"string","title":"Language","description":"Identifier (eg. \"es-AR\")."},"dictionaries":{"type":"ar
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:07 UTC336INData Raw: 73 64 6c 2d 69 6a 6a 6a 59 34 42 6d 61 61 4e 79 73 74 32 67 61 73 49 44 53 56 4e 59 4d 58 46 49 53 66 36 47 61 39 50 4a 61 36 4e 74 6e 57 54 56 56 4a 79 64 33 73 46 32 78 37 46 58 33 39 56 6f 46 75 71 22 2c 22 73 69 67 6e 65 72 5f 69 64 22 3a 22 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 4d 48 59 77 45 41 59 48 4b 6f 5a 49 7a 6a 30 43 41 51 59 46 4b 34 45 45 41 43 49 44 59 67 41 45 50 6e 6e 4b 38 4b 36 69 47 47 50 43 32 64 6b 46 4b 44 71 66 79 55 78 64 6b 62 45 59 66 71 2b 61 34 59 50 33 45 77 4e 6d 79 35 42 7a 6f 54 30 2f 59 2b 55 45 4e 37 6a 79 4d 76 4c 35 38 4c 68 33 58 55 55 65 65 70 65 62 53 6f 4d 67 66 75 59 50 51 46 30 4c 55 41 69 77 71 4c 58 54 37 56 67 58 2b 67 61 57 65 57 46 49 30 37 44 66 6c 6b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: sdl-ijjjY4BmaaNyst2gasIDSVNYMXFISf6Ga9PJa6NtnWTVVJyd3sF2x7FX39VoFuq","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPnnK8K6iGGPC2dkFKDqfyUxdkbEYfq+a4YP3EwNmy5BzoT0/Y+UEN7jyMvL58Lh3XUUeepebSoMgfuYPQF0LUAiwqLXT7VgX+gaWeWFI07Dflk


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                93192.168.2.75002434.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:08 UTC376OUTGET /v1/buckets/main/collections/password-recipes?_expected=1674595048726 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:09 UTC633INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1419
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Last-Modified, ETag, Content-Type, Cache-Control, Pragma, Expires, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:31:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2983
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:07 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "1733011207070"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:09 UTC757INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 64 65 73 63 72 69 70 74 69 6f 6e 22 2c 22 68 6f 73 74 73 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 68 6f 73 74 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4c 69 73 74 20 6f 66 20 68 6f 73 74 73 20 77 68 65 72 65 20 74 68 69 73 20 72 65 63 69 70 65 20 61 70 70 6c 69 65 73 2e 22 7d 2c 22 70 61 74 68 52 65 67 65 78 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4d 61
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"permissions":{},"data":{"schema":{"type":"object","required":["description","hosts"],"properties":{"hosts":{"type":"array","items":{"type":"string"},"description":"List of hosts where this recipe applies."},"pathRegex":{"type":"string","description":"Ma
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:09 UTC662INData Raw: 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 31 78 7a 68 69 39 6f 6a 34 70 7a 6e 69 33 67 78 30 72 7a 67 63 32 76 6b 34 74 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 35 2d 30 31 2d 31 37 2d 31 33 2d 30 33 2d 31 37 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 6b 69 22 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 22 4b 58 70 4f 6b 4e 4a 33 37 47 35 42 75 32 5f 4b 6c
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: ignature":{"ref":"1xzhi9oj4pzni3gx0rzgc2vk4t","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain","mode":"p384ecdsa","type":"contentsignaturepki","signature":"KXpOkNJ37G5Bu2_Kl


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                94192.168.2.75002834.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:11 UTC394OUTGET /v1/buckets/main/collections/translations-identification-models?_expected=1681500405555 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:11 UTC633INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1192
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Cache-Control, Expires, Content-Type, Content-Length, Backoff, Pragma, Last-Modified, ETag, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:27:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 3212
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sun, 01 Dec 2024 00:00:06 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "1733011206706"
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:11 UTC757INData Raw: 7b 22 70 65 72 6d 69 73 73 69 6f 6e 73 22 3a 7b 7d 2c 22 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 6e 61 6d 65 22 2c 22 76 65 72 73 69 6f 6e 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 2c 22 6e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 6c 61 6e 67 75 61 67 65 20 69 64 65 6e 74 69 66 69 63 61 74 69 6f 6e 20 6d 6f 64 65 6c 22 7d 2c 22 76 65 72 73 69 6f 6e 22 3a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"permissions":{},"data":{"sort":"-last_modified","schema":{"type":"object","required":["name","version"],"properties":{"id":{"type":"string"},"name":{"type":"string","title":"Name","description":"The name of the language identification model"},"version":
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:11 UTC435INData Raw: 55 4f 6e 33 6b 43 79 53 72 45 59 51 4a 59 49 62 55 73 53 71 4c 37 59 45 47 42 44 77 66 6f 72 79 70 66 6f 4e 55 73 7a 79 6b 37 33 53 51 4f 49 33 73 4a 70 22 2c 22 73 69 67 6e 65 72 5f 69 64 22 3a 22 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 4d 48 59 77 45 41 59 48 4b 6f 5a 49 7a 6a 30 43 41 51 59 46 4b 34 45 45 41 43 49 44 59 67 41 45 50 6e 6e 4b 38 4b 36 69 47 47 50 43 32 64 6b 46 4b 44 71 66 79 55 78 64 6b 62 45 59 66 71 2b 61 34 59 50 33 45 77 4e 6d 79 35 42 7a 6f 54 30 2f 59 2b 55 45 4e 37 6a 79 4d 76 4c 35 38 4c 68 33 58 55 55 65 65 70 65 62 53 6f 4d 67 66 75 59 50 51 46 30 4c 55 41 69 77 71 4c 58 54 37 56 67 58 2b 67 61 57 65 57 46 49 30 37 44 66 6c 6b 66 7a 50 4a 51 79 4f 45 32 46 59 6d 76 44 65 7a
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: UOn3kCySrEYQJYIbUsSqL7YEGBDwforypfoNUszyk73SQOI3sJp","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPnnK8K6iGGPC2dkFKDqfyUxdkbEYfq+a4YP3EwNmy5BzoT0/Y+UEN7jyMvL58Lh3XUUeepebSoMgfuYPQF0LUAiwqLXT7VgX+gaWeWFI07DflkfzPJQyOE2FYmvDez


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                95192.168.2.75003334.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:13 UTC393OUTGET /v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:13 UTC557INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 3736
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Retry-After, Content-Length, Backoff, Content-Type, Alert
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:32:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2944
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 30 Nov 2024 00:00:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:13 UTC833INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 69 64 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 64 65 66 61 75 6c 74 22 3a 22 41 64 64 6f 6e 4d 61 6e 61 67 65 72 53 65 74 74 69 6e 67 73 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 64 65 66 61 75 6c 74 20 69 64 20 73 68 6f 75 6c 64 20 4e 4f 54 20 62 65 20 63 68 61 6e 67 65 64 2c 20 75 6e 6c 65 73 73 20 74 68 65 72 65 20 69 73 20 61 20 73 70 65 63 69 66 69 63 20 6e 65 65 64 20 74 6f 20 63 72 65 61 74 65 20 73 65 70 61 72 61 74 65 20 63 6f 6c 6c 65 63 74 69 6f 6e 20 65 6e 74 72 69 65 73 20 77 68 69 63 68 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"schema":{"type":"object","required":["id"],"properties":{"id":{"type":"string","default":"AddonManagerSettings","description":"The default id should NOT be changed, unless there is a specific need to create separate collection entries which
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:13 UTC1390INData Raw: 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 74 69 74 6c 65 22 3a 22 49 6e 63 6c 75 64 65 20 71 75 61 72 61 6e 74 69 6e 65 64 44 6f 6d 61 69 6e 73 20 73 65 74 74 69 6e 67 73 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 65 78 74 65 6e 73 69 6f 6e 73 2e 71 75 61 72 61 6e 74 69 6e 65 64 44 6f 6d 61 69 6e 73 2e 6c 69 73 74 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 65 78 74 65 6e 73 69 6f 6e 73 2e 71 75 61 72 61 6e 74 69 6e 65 64 44 6f 6d 61 69 6e 73 2e 6c 69 73 74 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 64 65 66 61 75 6c 74 22 3a 22 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 3a 31 30 34 38 35 37 36 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 53 65 74 20 6f 66 20 64 6f 6d 61 69 6e 73 20 74 6f 20 62 65 20 71 75 61 72 61 6e 74 69 6e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: pe":"object","title":"Include quarantinedDomains settings","required":["extensions.quarantinedDomains.list"],"properties":{"extensions.quarantinedDomains.list":{"type":"string","default":"","maxLength":1048576,"description":"Set of domains to be quarantin
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:13 UTC1390INData Raw: 69 67 67 65 72 49 6d 70 6c 2e 65 6e 61 62 6c 65 64 22 3a 7b 22 74 79 70 65 22 3a 22 62 6f 6f 6c 65 61 6e 22 2c 22 64 65 66 61 75 6c 74 22 3a 66 61 6c 73 65 2c 22 6f 70 74 69 6f 6e 61 6c 22 3a 74 72 75 65 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 53 68 6f 77 2f 48 69 64 65 20 74 68 65 20 49 6e 73 74 61 6c 6c 54 72 69 67 67 65 72 20 6d 65 74 68 6f 64 73 2e 20 54 68 65 20 49 6e 73 74 61 6c 6c 54 72 69 67 67 65 72 20 67 6c 6f 62 61 6c 20 77 69 6c 6c 20 72 65 6d 61 69 6e 20 76 69 73 69 62 6c 65 20 62 75 74 20 73 65 74 20 74 6f 20 6e 75 6c 6c 2e 22 7d 7d 2c 22 61 64 64 69 74 69 6f 6e 61 6c 50 72 6f 70 65 72 74 69 65 73 22 3a 66 61 6c 73 65 7d 5d 2c 22 64 65 66 61 75 6c 74 22 3a 6e 75 6c 6c 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 73 65 20
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: iggerImpl.enabled":{"type":"boolean","default":false,"optional":true,"description":"Show/Hide the InstallTrigger methods. The InstallTrigger global will remain visible but set to null."}},"additionalProperties":false}],"default":null,"description":"These
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:13 UTC123INData Raw: 6c 2e 63 6f 6d 2e 62 72 22 7d 2c 22 69 6e 73 74 61 6c 6c 54 72 69 67 67 65 72 44 65 70 72 65 63 61 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 69 64 22 3a 22 41 64 64 6f 6e 4d 61 6e 61 67 65 72 53 65 74 74 69 6e 67 73 2d 71 75 61 72 61 6e 74 69 6e 65 64 44 6f 6d 61 69 6e 73 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 38 38 37 34 37 37 32 38 37 32 31 7d 5d 7d
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: l.com.br"},"installTriggerDeprecation":null,"id":"AddonManagerSettings-quarantinedDomains","last_modified":1688747728721}]}


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                                96192.168.2.75003934.149.100.2094437840C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:15 UTC421OUTGET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185&_since=%221693416467312%22 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: firefox.settings.services.mozilla.com
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:15 UTC556INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Length: 1475
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Backoff, Retry-After
                                                                                                                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
                                                                                                                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 15:04:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 978
                                                                                                                                                                                                                                                                                                                                                                                                                Last-Modified: Sat, 30 Nov 2024 00:00:10 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:15 UTC834INData Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 66 6c 61 67 73 22 3a 5b 22 73 74 61 72 74 75 70 22 5d 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 66 69 72 73 74 50 61 72 74 79 4f 72 69 67 69 6e 22 2c 22 74 68 69 72 64 50 61 72 74 79 4f 72 69 67 69 6e 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 66 69 72 73 74 50 61 72 74 79 4f 72 69 67 69 6e 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 66 69 72 73 74 50 61 72 74 79 4f 72 69 67 69 6e 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 74 68 65 20 66 69 72 73 74 2d 70 61 72 74 79 20 6f 72 69 67 69 6e 20 62 65 69 6e 67 20 75 73 65 64 20 66 6f 72 20 74 68 65 20 70 65 72 6d 69 73 73 69 6f 6e 2e
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"metadata":{"flags":["startup"],"schema":{"type":"object","required":["firstPartyOrigin","thirdPartyOrigin"],"properties":{"firstPartyOrigin":{"type":"string","title":"firstPartyOrigin","description":"the first-party origin being used for the permission.
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:15 UTC641INData Raw: 57 33 76 77 66 34 61 4d 55 76 39 57 55 33 78 78 2d 51 6f 31 59 72 56 43 6a 76 48 56 70 22 2c 22 73 69 67 6e 65 72 5f 69 64 22 3a 22 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 22 2c 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 4d 48 59 77 45 41 59 48 4b 6f 5a 49 7a 6a 30 43 41 51 59 46 4b 34 45 45 41 43 49 44 59 67 41 45 50 6e 6e 4b 38 4b 36 69 47 47 50 43 32 64 6b 46 4b 44 71 66 79 55 78 64 6b 62 45 59 66 71 2b 61 34 59 50 33 45 77 4e 6d 79 35 42 7a 6f 54 30 2f 59 2b 55 45 4e 37 6a 79 4d 76 4c 35 38 4c 68 33 58 55 55 65 65 70 65 62 53 6f 4d 67 66 75 59 50 51 46 30 4c 55 41 69 77 71 4c 58 54 37 56 67 58 2b 67 61 57 65 57 46 49 30 37 44 66 6c 6b 66 7a 50 4a 51 79 4f 45 32 46 59 6d 76 44 65 7a 36 72 22 7d 2c 22 64 69 73 70 6c 61 79 46 69 65 6c 64 73 22 3a 5b
                                                                                                                                                                                                                                                                                                                                                                                                                Data Ascii: W3vwf4aMUv9WU3xx-Qo1YrVCjvHVp","signer_id":"remote-settings","public_key":"MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPnnK8K6iGGPC2dkFKDqfyUxdkbEYfq+a4YP3EwNmy5BzoT0/Y+UEN7jyMvL58Lh3XUUeepebSoMgfuYPQF0LUAiwqLXT7VgX+gaWeWFI07DflkfzPJQyOE2FYmvDez6r"},"displayFields":[


                                                                                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                                                                                                                97192.168.2.75004434.160.144.191443
                                                                                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:17 UTC440OUTGET /chains/remote-settings.content-signature.mozilla.org-2025-01-17-13-03-17.chain HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                Host: content-signature-2.cdn.mozilla.net
                                                                                                                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                If-Modified-Since: Thu, 28 Nov 2024 13:03:18 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                If-None-Match: "e90b4b26f40b4131c1239c8340204be3"
                                                                                                                                                                                                                                                                                                                                                                                                                2024-12-07 15:21:18 UTC190INHTTP/1.1 304 Not Modified
                                                                                                                                                                                                                                                                                                                                                                                                                Date: Sat, 07 Dec 2024 14:40:55 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                Age: 2423
                                                                                                                                                                                                                                                                                                                                                                                                                ETag: "e90b4b26f40b4131c1239c8340204be3"
                                                                                                                                                                                                                                                                                                                                                                                                                Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                                                                                                                                                                Connection: close


                                                                                                                                                                                                                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:09
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0xf30000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:973'824 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:4316066B2799FA412066927B9445BD7B
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:10
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:taskkill /F /IM firefox.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x820000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:10
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:12
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x820000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:12
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:12
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x820000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:12
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:12
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x820000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:12
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:13
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x820000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:13
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:13
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:13
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:13
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:14
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e722203-f77e-46e0-8f33-d05e42b18ecf} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 24099e6ef10 socket
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:17
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -parentBuildID 20230927232528 -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6623779-2eb6-41f5-bad4-cfc391a50ded} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240ac060e10 rdd
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                General

                                                                                                                                                                                                                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                                                                                                                                                                                                                Start time:10:19:21
                                                                                                                                                                                                                                                                                                                                                                                                                Start date:07/12/2024
                                                                                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5332 -prefMapHandle 5268 -prefsLen 32882 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd93cf5d-9dc2-4315-b709-e3bf0226dc8b} 7840 "\\.\pipe\gecko-crash-server-pipe.7840" 240b1df9d10 utility
                                                                                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                                                                File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  Execution Coverage:2.5%
                                                                                                                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                                                                                                                  Signature Coverage:4.1%
                                                                                                                                                                                                                                                                                                                                                                                                                  Total number of Nodes:1723
                                                                                                                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:58
                                                                                                                                                                                                                                                                                                                                                                                                                  execution_graph 95590 f3fe73 95597 f4ceb1 95590->95597 95592 f3fe89 95606 f4cf92 95592->95606 95594 f3feb3 95618 fa359c 82 API calls __wsopen_s 95594->95618 95596 f84ab8 95598 f4ced2 95597->95598 95599 f4cebf 95597->95599 95601 f4cf05 95598->95601 95602 f4ced7 95598->95602 95619 f3aceb 95599->95619 95604 f3aceb 23 API calls 95601->95604 95629 f4fddb 95602->95629 95605 f4cec9 95604->95605 95605->95592 95669 f36270 95606->95669 95608 f4cfc9 95612 f4cffa 95608->95612 95674 f39cb3 95608->95674 95612->95594 95613 f8d171 95681 f4d2f0 40 API calls 95613->95681 95615 f8d184 95616 f3aceb 23 API calls 95615->95616 95617 f8d188 95615->95617 95616->95617 95617->95617 95618->95596 95620 f3acf9 95619->95620 95628 f3ad2a messages 95619->95628 95621 f3ad55 95620->95621 95623 f3ad01 messages 95620->95623 95621->95628 95639 f3a8c7 22 API calls __fread_nolock 95621->95639 95624 f3ad21 95623->95624 95625 f7fa48 95623->95625 95623->95628 95626 f7fa3a VariantClear 95624->95626 95624->95628 95625->95628 95640 f4ce17 95625->95640 95626->95628 95628->95605 95631 f4fde0 95629->95631 95632 f4fdfa 95631->95632 95635 f4fdfc 95631->95635 95657 f5ea0c 95631->95657 95664 f54ead 7 API calls 2 library calls 95631->95664 95632->95605 95634 f5066d 95666 f532a4 RaiseException 95634->95666 95635->95634 95665 f532a4 RaiseException 95635->95665 95638 f5068a 95638->95605 95639->95628 95641 f4ce1f 95640->95641 95642 f4ce43 95641->95642 95645 f3b010 95641->95645 95642->95628 95644 f4ce2a messages 95644->95628 95646 f3b01b 95645->95646 95647 f7fb4d 95646->95647 95652 f3b023 messages 95646->95652 95648 f4fddb 22 API calls 95647->95648 95650 f7fb59 95648->95650 95649 f3b02a 95649->95644 95652->95649 95653 f3b090 95652->95653 95654 f3b09b messages 95653->95654 95655 f4ce17 22 API calls 95654->95655 95656 f3b0d6 messages 95654->95656 95655->95656 95656->95652 95659 f63820 pre_c_initialization 95657->95659 95658 f6385e 95668 f5f2d9 20 API calls __dosmaperr 95658->95668 95659->95658 95660 f63849 RtlAllocateHeap 95659->95660 95667 f54ead 7 API calls 2 library calls 95659->95667 95660->95659 95662 f6385c 95660->95662 95662->95631 95664->95631 95665->95634 95666->95638 95667->95659 95668->95662 95682 f4fe0b 95669->95682 95671 f36295 95672 f4fddb 22 API calls 95671->95672 95673 f362a3 95672->95673 95673->95608 95675 f39cc2 _wcslen 95674->95675 95676 f4fe0b 22 API calls 95675->95676 95677 f39cea __fread_nolock 95676->95677 95678 f4fddb 22 API calls 95677->95678 95679 f39d00 95678->95679 95680 f36350 22 API calls 95679->95680 95680->95613 95681->95615 95684 f4fddb 95682->95684 95683 f5ea0c ___std_exception_copy 21 API calls 95683->95684 95684->95683 95685 f4fdfa 95684->95685 95688 f4fdfc 95684->95688 95692 f54ead 7 API calls 2 library calls 95684->95692 95685->95671 95687 f5066d 95694 f532a4 RaiseException 95687->95694 95688->95687 95693 f532a4 RaiseException 95688->95693 95691 f5068a 95691->95671 95692->95684 95693->95687 95694->95691 95695 f31033 95700 f34c91 95695->95700 95699 f31042 95708 f3a961 95700->95708 95705 f34d9c 95706 f31038 95705->95706 95716 f351f7 22 API calls __fread_nolock 95705->95716 95707 f500a3 29 API calls __onexit 95706->95707 95707->95699 95709 f4fe0b 22 API calls 95708->95709 95710 f3a976 95709->95710 95711 f4fddb 22 API calls 95710->95711 95712 f34cff 95711->95712 95713 f33af0 95712->95713 95717 f33b1c 95713->95717 95716->95705 95718 f33b0f 95717->95718 95719 f33b29 95717->95719 95718->95705 95719->95718 95720 f33b30 RegOpenKeyExW 95719->95720 95720->95718 95721 f33b4a RegQueryValueExW 95720->95721 95722 f33b80 RegCloseKey 95721->95722 95723 f33b6b 95721->95723 95722->95718 95723->95722 95724 f8d27a GetUserNameW 95725 f8d292 95724->95725 95726 f32e37 95727 f3a961 22 API calls 95726->95727 95728 f32e4d 95727->95728 95805 f34ae3 95728->95805 95730 f32e6b 95819 f33a5a 95730->95819 95732 f32e7f 95733 f39cb3 22 API calls 95732->95733 95734 f32e8c 95733->95734 95826 f34ecb 95734->95826 95737 f72cb0 95866 fa2cf9 95737->95866 95738 f32ead 95848 f3a8c7 22 API calls __fread_nolock 95738->95848 95740 f72cc3 95742 f72ccf 95740->95742 95892 f34f39 95740->95892 95747 f34f39 68 API calls 95742->95747 95743 f32ec3 95849 f36f88 22 API calls 95743->95849 95746 f32ecf 95749 f39cb3 22 API calls 95746->95749 95748 f72ce5 95747->95748 95898 f33084 22 API calls 95748->95898 95750 f32edc 95749->95750 95850 f3a81b 41 API calls 95750->95850 95753 f32eec 95755 f39cb3 22 API calls 95753->95755 95754 f72d02 95899 f33084 22 API calls 95754->95899 95757 f32f12 95755->95757 95851 f3a81b 41 API calls 95757->95851 95758 f72d1e 95760 f33a5a 24 API calls 95758->95760 95762 f72d44 95760->95762 95761 f32f21 95764 f3a961 22 API calls 95761->95764 95900 f33084 22 API calls 95762->95900 95766 f32f3f 95764->95766 95765 f72d50 95901 f3a8c7 22 API calls __fread_nolock 95765->95901 95852 f33084 22 API calls 95766->95852 95768 f72d5e 95902 f33084 22 API calls 95768->95902 95771 f32f4b 95853 f54a28 40 API calls 3 library calls 95771->95853 95772 f72d6d 95903 f3a8c7 22 API calls __fread_nolock 95772->95903 95774 f32f59 95774->95748 95775 f32f63 95774->95775 95854 f54a28 40 API calls 3 library calls 95775->95854 95778 f72d83 95904 f33084 22 API calls 95778->95904 95779 f32f6e 95779->95754 95781 f32f78 95779->95781 95855 f54a28 40 API calls 3 library calls 95781->95855 95782 f72d90 95784 f32f83 95784->95758 95785 f32f8d 95784->95785 95856 f54a28 40 API calls 3 library calls 95785->95856 95787 f32f98 95788 f32fdc 95787->95788 95857 f33084 22 API calls 95787->95857 95788->95772 95789 f32fe8 95788->95789 95789->95782 95860 f363eb 22 API calls 95789->95860 95791 f32fbf 95858 f3a8c7 22 API calls __fread_nolock 95791->95858 95794 f32ff8 95861 f36a50 22 API calls 95794->95861 95795 f32fcd 95859 f33084 22 API calls 95795->95859 95797 f33006 95862 f370b0 23 API calls 95797->95862 95802 f33021 95803 f33065 95802->95803 95863 f36f88 22 API calls 95802->95863 95864 f370b0 23 API calls 95802->95864 95865 f33084 22 API calls 95802->95865 95806 f34af0 __wsopen_s 95805->95806 95808 f34b22 95806->95808 95908 f36b57 95806->95908 95814 f34b58 95808->95814 95905 f34c6d 95808->95905 95810 f34c6d 22 API calls 95810->95814 95811 f39cb3 22 API calls 95813 f34c52 95811->95813 95812 f39cb3 22 API calls 95812->95814 95815 f3515f 22 API calls 95813->95815 95814->95810 95814->95812 95818 f34c29 95814->95818 95920 f3515f 95814->95920 95817 f34c5e 95815->95817 95817->95730 95818->95811 95818->95817 95937 f71f50 95819->95937 95822 f39cb3 22 API calls 95823 f33a8d 95822->95823 95939 f33aa2 95823->95939 95825 f33a97 95825->95732 95959 f34e90 LoadLibraryA 95826->95959 95831 f34ef6 LoadLibraryExW 95967 f34e59 LoadLibraryA 95831->95967 95832 f73ccf 95834 f34f39 68 API calls 95832->95834 95836 f73cd6 95834->95836 95838 f34e59 3 API calls 95836->95838 95840 f73cde 95838->95840 95839 f34f20 95839->95840 95841 f34f2c 95839->95841 95989 f350f5 95840->95989 95842 f34f39 68 API calls 95841->95842 95845 f32ea5 95842->95845 95845->95737 95845->95738 95847 f73d05 95848->95743 95849->95746 95850->95753 95851->95761 95852->95771 95853->95774 95854->95779 95855->95784 95856->95787 95857->95791 95858->95795 95859->95788 95860->95794 95861->95797 95862->95802 95863->95802 95864->95802 95865->95802 95867 fa2d15 95866->95867 95868 f3511f 64 API calls 95867->95868 95869 fa2d29 95868->95869 96132 fa2e66 95869->96132 95872 fa2d3f 95872->95740 95873 f350f5 40 API calls 95874 fa2d56 95873->95874 95875 f350f5 40 API calls 95874->95875 95876 fa2d66 95875->95876 95877 f350f5 40 API calls 95876->95877 95878 fa2d81 95877->95878 95879 f350f5 40 API calls 95878->95879 95880 fa2d9c 95879->95880 95881 f3511f 64 API calls 95880->95881 95882 fa2db3 95881->95882 95883 f5ea0c ___std_exception_copy 21 API calls 95882->95883 95884 fa2dba 95883->95884 95885 f5ea0c ___std_exception_copy 21 API calls 95884->95885 95886 fa2dc4 95885->95886 95887 f350f5 40 API calls 95886->95887 95888 fa2dd8 95887->95888 95889 fa28fe 27 API calls 95888->95889 95890 fa2dee 95889->95890 95890->95872 96138 fa22ce 79 API calls 95890->96138 95893 f34f43 95892->95893 95895 f34f4a 95892->95895 96139 f5e678 95893->96139 95896 f34f6a FreeLibrary 95895->95896 95897 f34f59 95895->95897 95896->95897 95897->95742 95898->95754 95899->95758 95900->95765 95901->95768 95902->95772 95903->95778 95904->95782 95926 f3aec9 95905->95926 95907 f34c78 95907->95808 95909 f36b67 _wcslen 95908->95909 95910 f74ba1 95908->95910 95913 f36ba2 95909->95913 95914 f36b7d 95909->95914 95933 f393b2 95910->95933 95912 f74baa 95912->95912 95916 f4fddb 22 API calls 95913->95916 95932 f36f34 22 API calls 95914->95932 95918 f36bae 95916->95918 95917 f36b85 __fread_nolock 95917->95808 95919 f4fe0b 22 API calls 95918->95919 95919->95917 95921 f3516e 95920->95921 95925 f3518f __fread_nolock 95920->95925 95923 f4fe0b 22 API calls 95921->95923 95922 f4fddb 22 API calls 95924 f351a2 95922->95924 95923->95925 95924->95814 95925->95922 95927 f3aedc 95926->95927 95931 f3aed9 __fread_nolock 95926->95931 95928 f4fddb 22 API calls 95927->95928 95929 f3aee7 95928->95929 95930 f4fe0b 22 API calls 95929->95930 95930->95931 95931->95907 95932->95917 95934 f393c0 95933->95934 95936 f393c9 __fread_nolock 95933->95936 95935 f3aec9 22 API calls 95934->95935 95934->95936 95935->95936 95936->95912 95938 f33a67 GetModuleFileNameW 95937->95938 95938->95822 95940 f71f50 __wsopen_s 95939->95940 95941 f33aaf GetFullPathNameW 95940->95941 95942 f33ae9 95941->95942 95943 f33ace 95941->95943 95953 f3a6c3 95942->95953 95945 f36b57 22 API calls 95943->95945 95946 f33ada 95945->95946 95949 f337a0 95946->95949 95950 f337ae 95949->95950 95951 f393b2 22 API calls 95950->95951 95952 f337c2 95951->95952 95952->95825 95954 f3a6d0 95953->95954 95955 f3a6dd 95953->95955 95954->95946 95956 f4fddb 22 API calls 95955->95956 95957 f3a6e7 95956->95957 95958 f4fe0b 22 API calls 95957->95958 95958->95954 95960 f34ec6 95959->95960 95961 f34ea8 GetProcAddress 95959->95961 95964 f5e5eb 95960->95964 95962 f34eb8 95961->95962 95962->95960 95963 f34ebf FreeLibrary 95962->95963 95963->95960 95997 f5e52a 95964->95997 95966 f34eea 95966->95831 95966->95832 95968 f34e6e GetProcAddress 95967->95968 95969 f34e8d 95967->95969 95970 f34e7e 95968->95970 95972 f34f80 95969->95972 95970->95969 95971 f34e86 FreeLibrary 95970->95971 95971->95969 95973 f4fe0b 22 API calls 95972->95973 95974 f34f95 95973->95974 96058 f35722 95974->96058 95976 f34fa1 __fread_nolock 95977 f350a5 95976->95977 95978 f73d1d 95976->95978 95988 f34fdc 95976->95988 96061 f342a2 CreateStreamOnHGlobal 95977->96061 96072 fa304d 74 API calls 95978->96072 95981 f73d22 95983 f3511f 64 API calls 95981->95983 95982 f350f5 40 API calls 95982->95988 95984 f73d45 95983->95984 95985 f350f5 40 API calls 95984->95985 95987 f3506e messages 95985->95987 95987->95839 95988->95981 95988->95982 95988->95987 96067 f3511f 95988->96067 95990 f35107 95989->95990 95993 f73d70 95989->95993 96094 f5e8c4 95990->96094 95994 fa28fe 96115 fa274e 95994->96115 95996 fa2919 95996->95847 95998 f5e536 __FrameHandler3::FrameUnwindToState 95997->95998 95999 f5e544 95998->95999 96002 f5e574 95998->96002 96022 f5f2d9 20 API calls __dosmaperr 95999->96022 96001 f5e549 96023 f627ec 26 API calls pre_c_initialization 96001->96023 96004 f5e586 96002->96004 96005 f5e579 96002->96005 96014 f68061 96004->96014 96024 f5f2d9 20 API calls __dosmaperr 96005->96024 96008 f5e58f 96009 f5e595 96008->96009 96010 f5e5a2 96008->96010 96025 f5f2d9 20 API calls __dosmaperr 96009->96025 96026 f5e5d4 LeaveCriticalSection __fread_nolock 96010->96026 96012 f5e554 __wsopen_s 96012->95966 96015 f6806d __FrameHandler3::FrameUnwindToState 96014->96015 96027 f62f5e EnterCriticalSection 96015->96027 96017 f6807b 96028 f680fb 96017->96028 96021 f680ac __wsopen_s 96021->96008 96022->96001 96023->96012 96024->96012 96025->96012 96026->96012 96027->96017 96034 f6811e 96028->96034 96029 f68088 96042 f680b7 96029->96042 96030 f68177 96047 f64c7d 20 API calls 2 library calls 96030->96047 96032 f68180 96048 f629c8 96032->96048 96034->96029 96034->96030 96045 f5918d EnterCriticalSection 96034->96045 96046 f591a1 LeaveCriticalSection 96034->96046 96036 f68189 96036->96029 96054 f63405 11 API calls 2 library calls 96036->96054 96038 f681a8 96055 f5918d EnterCriticalSection 96038->96055 96041 f681bb 96041->96029 96057 f62fa6 LeaveCriticalSection 96042->96057 96044 f680be 96044->96021 96045->96034 96046->96034 96047->96032 96049 f629d3 RtlFreeHeap 96048->96049 96050 f629fc __dosmaperr 96048->96050 96049->96050 96051 f629e8 96049->96051 96050->96036 96056 f5f2d9 20 API calls __dosmaperr 96051->96056 96053 f629ee GetLastError 96053->96050 96054->96038 96055->96041 96056->96053 96057->96044 96059 f4fddb 22 API calls 96058->96059 96060 f35734 96059->96060 96060->95976 96062 f342bc FindResourceExW 96061->96062 96066 f342d9 96061->96066 96063 f735ba LoadResource 96062->96063 96062->96066 96064 f735cf SizeofResource 96063->96064 96063->96066 96065 f735e3 LockResource 96064->96065 96064->96066 96065->96066 96066->95988 96068 f73d90 96067->96068 96069 f3512e 96067->96069 96073 f5ece3 96069->96073 96072->95981 96076 f5eaaa 96073->96076 96075 f3513c 96075->95988 96079 f5eab6 __FrameHandler3::FrameUnwindToState 96076->96079 96077 f5eac2 96089 f5f2d9 20 API calls __dosmaperr 96077->96089 96079->96077 96080 f5eae8 96079->96080 96091 f5918d EnterCriticalSection 96080->96091 96081 f5eac7 96090 f627ec 26 API calls pre_c_initialization 96081->96090 96084 f5eaf4 96092 f5ec0a 62 API calls 2 library calls 96084->96092 96086 f5eb08 96093 f5eb27 LeaveCriticalSection __fread_nolock 96086->96093 96088 f5ead2 __wsopen_s 96088->96075 96089->96081 96090->96088 96091->96084 96092->96086 96093->96088 96097 f5e8e1 96094->96097 96096 f35118 96096->95994 96098 f5e8ed __FrameHandler3::FrameUnwindToState 96097->96098 96099 f5e900 ___scrt_fastfail 96098->96099 96100 f5e92d 96098->96100 96101 f5e925 __wsopen_s 96098->96101 96110 f5f2d9 20 API calls __dosmaperr 96099->96110 96112 f5918d EnterCriticalSection 96100->96112 96101->96096 96104 f5e937 96113 f5e6f8 38 API calls 4 library calls 96104->96113 96105 f5e91a 96111 f627ec 26 API calls pre_c_initialization 96105->96111 96108 f5e94e 96114 f5e96c LeaveCriticalSection __fread_nolock 96108->96114 96110->96105 96111->96101 96112->96104 96113->96108 96114->96101 96118 f5e4e8 96115->96118 96117 fa275d 96117->95996 96121 f5e469 96118->96121 96120 f5e505 96120->96117 96122 f5e48c 96121->96122 96123 f5e478 96121->96123 96127 f5e488 __alldvrm 96122->96127 96131 f6333f 11 API calls 2 library calls 96122->96131 96129 f5f2d9 20 API calls __dosmaperr 96123->96129 96126 f5e47d 96130 f627ec 26 API calls pre_c_initialization 96126->96130 96127->96120 96129->96126 96130->96127 96131->96127 96137 fa2e7a 96132->96137 96133 fa2d3b 96133->95872 96133->95873 96134 f350f5 40 API calls 96134->96137 96135 fa28fe 27 API calls 96135->96137 96136 f3511f 64 API calls 96136->96137 96137->96133 96137->96134 96137->96135 96137->96136 96138->95872 96140 f5e684 __FrameHandler3::FrameUnwindToState 96139->96140 96141 f5e695 96140->96141 96142 f5e6aa 96140->96142 96169 f5f2d9 20 API calls __dosmaperr 96141->96169 96151 f5e6a5 __wsopen_s 96142->96151 96152 f5918d EnterCriticalSection 96142->96152 96145 f5e69a 96170 f627ec 26 API calls pre_c_initialization 96145->96170 96146 f5e6c6 96153 f5e602 96146->96153 96149 f5e6d1 96171 f5e6ee LeaveCriticalSection __fread_nolock 96149->96171 96151->95895 96152->96146 96154 f5e624 96153->96154 96155 f5e60f 96153->96155 96161 f5e61f 96154->96161 96172 f5dc0b 96154->96172 96204 f5f2d9 20 API calls __dosmaperr 96155->96204 96158 f5e614 96205 f627ec 26 API calls pre_c_initialization 96158->96205 96161->96149 96165 f5e646 96189 f6862f 96165->96189 96168 f629c8 _free 20 API calls 96168->96161 96169->96145 96170->96151 96171->96151 96173 f5dc23 96172->96173 96177 f5dc1f 96172->96177 96174 f5d955 __fread_nolock 26 API calls 96173->96174 96173->96177 96175 f5dc43 96174->96175 96206 f659be 62 API calls 4 library calls 96175->96206 96178 f64d7a 96177->96178 96179 f64d90 96178->96179 96181 f5e640 96178->96181 96180 f629c8 _free 20 API calls 96179->96180 96179->96181 96180->96181 96182 f5d955 96181->96182 96183 f5d976 96182->96183 96184 f5d961 96182->96184 96183->96165 96207 f5f2d9 20 API calls __dosmaperr 96184->96207 96186 f5d966 96208 f627ec 26 API calls pre_c_initialization 96186->96208 96188 f5d971 96188->96165 96190 f6863e 96189->96190 96192 f68653 96189->96192 96212 f5f2c6 20 API calls __dosmaperr 96190->96212 96193 f6868e 96192->96193 96197 f6867a 96192->96197 96214 f5f2c6 20 API calls __dosmaperr 96193->96214 96194 f68643 96213 f5f2d9 20 API calls __dosmaperr 96194->96213 96209 f68607 96197->96209 96198 f68693 96215 f5f2d9 20 API calls __dosmaperr 96198->96215 96201 f6869b 96216 f627ec 26 API calls pre_c_initialization 96201->96216 96202 f5e64c 96202->96161 96202->96168 96204->96158 96205->96161 96206->96177 96207->96186 96208->96188 96217 f68585 96209->96217 96211 f6862b 96211->96202 96212->96194 96213->96202 96214->96198 96215->96201 96216->96202 96218 f68591 __FrameHandler3::FrameUnwindToState 96217->96218 96228 f65147 EnterCriticalSection 96218->96228 96220 f6859f 96221 f685c6 96220->96221 96222 f685d1 96220->96222 96229 f686ae 96221->96229 96244 f5f2d9 20 API calls __dosmaperr 96222->96244 96225 f685cc 96245 f685fb LeaveCriticalSection __wsopen_s 96225->96245 96227 f685ee __wsopen_s 96227->96211 96228->96220 96246 f653c4 96229->96246 96231 f686c4 96259 f65333 21 API calls 2 library calls 96231->96259 96233 f686be 96233->96231 96236 f653c4 __wsopen_s 26 API calls 96233->96236 96243 f686f6 96233->96243 96234 f653c4 __wsopen_s 26 API calls 96237 f68702 CloseHandle 96234->96237 96235 f6871c 96241 f6873e 96235->96241 96260 f5f2a3 20 API calls __dosmaperr 96235->96260 96238 f686ed 96236->96238 96237->96231 96239 f6870e GetLastError 96237->96239 96242 f653c4 __wsopen_s 26 API calls 96238->96242 96239->96231 96241->96225 96242->96243 96243->96231 96243->96234 96244->96225 96245->96227 96247 f653e6 96246->96247 96248 f653d1 96246->96248 96253 f6540b 96247->96253 96263 f5f2c6 20 API calls __dosmaperr 96247->96263 96261 f5f2c6 20 API calls __dosmaperr 96248->96261 96250 f653d6 96262 f5f2d9 20 API calls __dosmaperr 96250->96262 96253->96233 96254 f65416 96264 f5f2d9 20 API calls __dosmaperr 96254->96264 96255 f653de 96255->96233 96257 f6541e 96265 f627ec 26 API calls pre_c_initialization 96257->96265 96259->96235 96260->96241 96261->96250 96262->96255 96263->96254 96264->96257 96265->96255 96266 f83f75 96267 f4ceb1 23 API calls 96266->96267 96268 f83f8b 96267->96268 96276 f84006 96268->96276 96335 f4e300 23 API calls 96268->96335 96271 f84052 96274 f84a88 96271->96274 96337 fa359c 82 API calls __wsopen_s 96271->96337 96273 f83fe6 96273->96271 96336 fa1abf 22 API calls 96273->96336 96277 f3bf40 96276->96277 96338 f3adf0 96277->96338 96279 f3bf9d 96280 f3bfa9 96279->96280 96281 f804b6 96279->96281 96283 f804c6 96280->96283 96284 f3c01e 96280->96284 96355 fa359c 82 API calls __wsopen_s 96281->96355 96356 fa359c 82 API calls __wsopen_s 96283->96356 96343 f3ac91 96284->96343 96287 f3c603 96287->96271 96288 f3c7da 96293 f4fe0b 22 API calls 96288->96293 96290 f97120 22 API calls 96305 f3c039 __fread_nolock messages 96290->96305 96301 f3c808 __fread_nolock 96293->96301 96295 f804f5 96299 f8055a 96295->96299 96357 f4d217 348 API calls 96295->96357 96298 f3af8a 22 API calls 96298->96305 96299->96287 96358 fa359c 82 API calls __wsopen_s 96299->96358 96300 f4fe0b 22 API calls 96306 f3c350 __fread_nolock messages 96300->96306 96301->96300 96302 f8091a 96391 fa3209 23 API calls 96302->96391 96305->96287 96305->96288 96305->96290 96305->96295 96305->96298 96305->96299 96305->96301 96305->96302 96307 f3ec40 348 API calls 96305->96307 96308 f808a5 96305->96308 96310 f3c237 96305->96310 96313 f80591 96305->96313 96314 f808f6 96305->96314 96319 f3bbe0 40 API calls 96305->96319 96320 f3aceb 23 API calls 96305->96320 96321 f4fe0b 22 API calls 96305->96321 96328 f4fddb 22 API calls 96305->96328 96331 f809bf 96305->96331 96347 f3ad81 96305->96347 96360 f97099 22 API calls __fread_nolock 96305->96360 96361 fb5745 54 API calls _wcslen 96305->96361 96362 f4aa42 22 API calls messages 96305->96362 96363 f9f05c 40 API calls 96305->96363 96364 f3a993 41 API calls 96305->96364 96325 f4ce17 22 API calls 96306->96325 96334 f3c3ac 96306->96334 96307->96305 96365 f3ec40 96308->96365 96322 f3c253 96310->96322 96392 f3a8c7 22 API calls __fread_nolock 96310->96392 96312 f808cf 96312->96287 96389 f3a81b 41 API calls 96312->96389 96359 fa359c 82 API calls __wsopen_s 96313->96359 96390 fa359c 82 API calls __wsopen_s 96314->96390 96319->96305 96320->96305 96321->96305 96324 f80976 96322->96324 96327 f3c297 messages 96322->96327 96326 f3aceb 23 API calls 96324->96326 96325->96306 96326->96331 96329 f3aceb 23 API calls 96327->96329 96327->96331 96328->96305 96330 f3c335 96329->96330 96330->96331 96332 f3c342 96330->96332 96331->96287 96393 fa359c 82 API calls __wsopen_s 96331->96393 96354 f3a704 22 API calls messages 96332->96354 96334->96271 96335->96273 96336->96276 96337->96274 96339 f3ae01 96338->96339 96342 f3ae1c messages 96338->96342 96340 f3aec9 22 API calls 96339->96340 96341 f3ae09 CharUpperBuffW 96340->96341 96341->96342 96342->96279 96344 f3acae 96343->96344 96345 f3acd1 96344->96345 96394 fa359c 82 API calls __wsopen_s 96344->96394 96345->96305 96348 f3ad92 96347->96348 96349 f7fadb 96347->96349 96350 f4fddb 22 API calls 96348->96350 96351 f3ad99 96350->96351 96395 f3adcd 96351->96395 96354->96306 96355->96283 96356->96287 96357->96299 96358->96287 96359->96287 96360->96305 96361->96305 96362->96305 96363->96305 96364->96305 96383 f3ec76 messages 96365->96383 96366 f4fddb 22 API calls 96366->96383 96367 f50242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96367->96383 96368 f3fef7 96381 f3ed9d messages 96368->96381 96466 f3a8c7 22 API calls __fread_nolock 96368->96466 96371 f84600 96371->96381 96465 f3a8c7 22 API calls __fread_nolock 96371->96465 96372 f84b0b 96468 fa359c 82 API calls __wsopen_s 96372->96468 96373 f3a8c7 22 API calls 96373->96383 96379 f3fbe3 96379->96381 96382 f84bdc 96379->96382 96388 f3f3ae messages 96379->96388 96380 f3a961 22 API calls 96380->96383 96381->96312 96469 fa359c 82 API calls __wsopen_s 96382->96469 96383->96366 96383->96367 96383->96368 96383->96371 96383->96372 96383->96373 96383->96379 96383->96380 96383->96381 96384 f500a3 29 API calls pre_c_initialization 96383->96384 96386 f84beb 96383->96386 96387 f501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96383->96387 96383->96388 96403 f401e0 96383->96403 96464 f406a0 41 API calls messages 96383->96464 96384->96383 96470 fa359c 82 API calls __wsopen_s 96386->96470 96387->96383 96388->96381 96467 fa359c 82 API calls __wsopen_s 96388->96467 96389->96314 96390->96287 96391->96310 96392->96322 96393->96287 96394->96345 96398 f3addd 96395->96398 96396 f3adb6 96396->96305 96397 f4fddb 22 API calls 96397->96398 96398->96396 96398->96397 96399 f3a961 22 API calls 96398->96399 96400 f3adcd 22 API calls 96398->96400 96402 f3a8c7 22 API calls __fread_nolock 96398->96402 96399->96398 96400->96398 96402->96398 96404 f40206 96403->96404 96418 f4027e 96403->96418 96405 f85411 96404->96405 96406 f40213 96404->96406 96544 fb7b7e 348 API calls 2 library calls 96405->96544 96413 f85435 96406->96413 96416 f4021d 96406->96416 96407 f85405 96543 fa359c 82 API calls __wsopen_s 96407->96543 96409 f3ec40 348 API calls 96409->96418 96412 f85466 96414 f85471 96412->96414 96415 f85493 96412->96415 96413->96412 96417 f8544d 96413->96417 96546 fb7b7e 348 API calls 2 library calls 96414->96546 96471 fb5689 96415->96471 96459 f40230 messages 96416->96459 96549 f3a8c7 22 API calls __fread_nolock 96416->96549 96545 fa359c 82 API calls __wsopen_s 96417->96545 96418->96409 96422 f40405 96418->96422 96424 f851b9 96418->96424 96437 f403f9 96418->96437 96445 f851ce messages 96418->96445 96446 f40344 96418->96446 96454 f403b2 messages 96418->96454 96422->96383 96539 fa359c 82 API calls __wsopen_s 96424->96539 96425 f8568a 96432 f856c0 96425->96432 96574 fb7771 67 API calls 96425->96574 96428 f85332 96428->96459 96542 f3a8c7 22 API calls __fread_nolock 96428->96542 96431 f85532 96547 fa1119 22 API calls 96431->96547 96433 f3aceb 23 API calls 96432->96433 96461 f40273 messages 96433->96461 96434 f85668 96551 f37510 96434->96551 96437->96422 96538 fa359c 82 API calls __wsopen_s 96437->96538 96439 f8569e 96443 f37510 53 API calls 96439->96443 96442 f854b9 96478 fa0acc 96442->96478 96457 f856a6 _wcslen 96443->96457 96444 f85544 96548 f3a673 22 API calls 96444->96548 96445->96454 96445->96461 96540 fa359c 82 API calls __wsopen_s 96445->96540 96446->96437 96537 f404f0 22 API calls 96446->96537 96449 f403a5 96449->96437 96449->96454 96451 f8554d 96460 fa0acc 22 API calls 96451->96460 96452 f85670 _wcslen 96452->96425 96455 f3aceb 23 API calls 96452->96455 96454->96407 96454->96428 96454->96459 96454->96461 96541 f4a308 348 API calls 96454->96541 96455->96425 96457->96432 96458 f3aceb 23 API calls 96457->96458 96458->96432 96459->96425 96459->96461 96550 fb7632 54 API calls __wsopen_s 96459->96550 96462 f85566 96460->96462 96461->96383 96463 f3bf40 348 API calls 96462->96463 96463->96459 96464->96383 96465->96381 96466->96381 96467->96381 96468->96381 96469->96386 96470->96381 96472 fb56a4 96471->96472 96477 f8549e 96471->96477 96473 f4fe0b 22 API calls 96472->96473 96475 fb56c6 96473->96475 96474 f4fddb 22 API calls 96474->96475 96475->96474 96475->96477 96575 fa0a59 96475->96575 96477->96431 96477->96442 96479 fa0ada 96478->96479 96481 f854e3 96478->96481 96480 f4fddb 22 API calls 96479->96480 96479->96481 96480->96481 96482 f41310 96481->96482 96483 f41376 96482->96483 96484 f417b0 96482->96484 96485 f41390 96483->96485 96486 f86331 96483->96486 96617 f50242 5 API calls __Init_thread_wait 96484->96617 96579 f41940 96485->96579 96490 f8633d 96486->96490 96621 fb709c 348 API calls 96486->96621 96488 f417ba 96492 f417fb 96488->96492 96494 f39cb3 22 API calls 96488->96494 96490->96459 96497 f86346 96492->96497 96499 f4182c 96492->96499 96503 f417d4 96494->96503 96495 f41940 9 API calls 96496 f413b6 96495->96496 96496->96492 96498 f413ec 96496->96498 96622 fa359c 82 API calls __wsopen_s 96497->96622 96498->96497 96523 f41408 __fread_nolock 96498->96523 96501 f3aceb 23 API calls 96499->96501 96502 f41839 96501->96502 96619 f4d217 348 API calls 96502->96619 96618 f501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96503->96618 96506 f8636e 96623 fa359c 82 API calls __wsopen_s 96506->96623 96507 f4152f 96509 f4153c 96507->96509 96510 f863d1 96507->96510 96512 f41940 9 API calls 96509->96512 96625 fb5745 54 API calls _wcslen 96510->96625 96514 f41549 96512->96514 96513 f4fddb 22 API calls 96513->96523 96517 f415c7 messages 96514->96517 96520 f41940 9 API calls 96514->96520 96515 f41872 96620 f4faeb 23 API calls 96515->96620 96516 f4fe0b 22 API calls 96516->96523 96517->96515 96525 f4167b messages 96517->96525 96528 f41940 9 API calls 96517->96528 96589 fc1591 96517->96589 96592 fbab67 96517->96592 96595 fa5c5a 96517->96595 96600 fba2ea 96517->96600 96605 f4f645 96517->96605 96612 fbabf7 96517->96612 96627 fa359c 82 API calls __wsopen_s 96517->96627 96518 f4171d 96518->96459 96524 f41563 96520->96524 96522 f3ec40 348 API calls 96522->96523 96523->96502 96523->96506 96523->96507 96523->96513 96523->96516 96523->96517 96523->96522 96526 f863b2 96523->96526 96524->96517 96626 f3a8c7 22 API calls __fread_nolock 96524->96626 96525->96518 96527 f4ce17 22 API calls 96525->96527 96624 fa359c 82 API calls __wsopen_s 96526->96624 96527->96525 96528->96517 96537->96449 96538->96461 96539->96445 96540->96454 96541->96454 96542->96459 96543->96405 96544->96459 96545->96461 96546->96459 96547->96444 96548->96451 96549->96459 96550->96434 96552 f37522 96551->96552 96553 f37525 96551->96553 96552->96452 96554 f3755b 96553->96554 96555 f3752d 96553->96555 96556 f750f6 96554->96556 96559 f3756d 96554->96559 96566 f7500f 96554->96566 96797 f551c6 26 API calls 96555->96797 96800 f55183 26 API calls 96556->96800 96798 f4fb21 51 API calls 96559->96798 96560 f3753d 96563 f4fddb 22 API calls 96560->96563 96561 f7510e 96561->96561 96565 f37547 96563->96565 96567 f39cb3 22 API calls 96565->96567 96568 f75088 96566->96568 96569 f4fe0b 22 API calls 96566->96569 96567->96552 96799 f4fb21 51 API calls 96568->96799 96570 f75058 96569->96570 96571 f4fddb 22 API calls 96570->96571 96572 f7507f 96571->96572 96573 f39cb3 22 API calls 96572->96573 96573->96568 96574->96439 96576 fa0a7a 96575->96576 96577 f4fddb 22 API calls 96576->96577 96578 fa0a85 96576->96578 96577->96578 96578->96475 96580 f41981 96579->96580 96581 f4195d 96579->96581 96628 f50242 5 API calls __Init_thread_wait 96580->96628 96588 f413a0 96581->96588 96630 f50242 5 API calls __Init_thread_wait 96581->96630 96584 f4198b 96584->96581 96629 f501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96584->96629 96585 f48727 96585->96588 96631 f501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96585->96631 96588->96495 96632 fc2ad8 96589->96632 96591 fc159f 96591->96517 96643 fbaff9 96592->96643 96596 f37510 53 API calls 96595->96596 96597 fa5c6d 96596->96597 96771 f9dbbe lstrlenW 96597->96771 96599 fa5c77 96599->96517 96601 f37510 53 API calls 96600->96601 96602 fba306 96601->96602 96776 f9d4dc CreateToolhelp32Snapshot Process32FirstW 96602->96776 96604 fba315 96604->96517 96606 f3b567 39 API calls 96605->96606 96607 f4f659 96606->96607 96608 f8f2dc Sleep 96607->96608 96609 f4f661 timeGetTime 96607->96609 96610 f3b567 39 API calls 96609->96610 96611 f4f677 96610->96611 96611->96517 96613 fbaff9 217 API calls 96612->96613 96615 fbac0c 96613->96615 96614 fbac54 96614->96517 96615->96614 96616 f3aceb 23 API calls 96615->96616 96616->96614 96617->96488 96618->96492 96619->96515 96620->96515 96621->96490 96622->96517 96623->96517 96624->96517 96625->96524 96626->96517 96627->96517 96628->96584 96629->96581 96630->96585 96631->96588 96633 f3aceb 23 API calls 96632->96633 96634 fc2af3 96633->96634 96635 fc2b1d 96634->96635 96636 fc2aff 96634->96636 96638 f36b57 22 API calls 96635->96638 96637 f37510 53 API calls 96636->96637 96639 fc2b0c 96637->96639 96640 fc2b1b 96638->96640 96639->96640 96642 f3a8c7 22 API calls __fread_nolock 96639->96642 96640->96591 96642->96640 96644 fbb01d ___scrt_fastfail 96643->96644 96645 fbb058 96644->96645 96646 fbb094 96644->96646 96741 f3b567 96645->96741 96650 f3b567 39 API calls 96646->96650 96651 fbb08b 96646->96651 96648 fbb063 96648->96651 96654 f3b567 39 API calls 96648->96654 96649 fbb0ed 96652 f37510 53 API calls 96649->96652 96653 fbb0a5 96650->96653 96651->96649 96655 f3b567 39 API calls 96651->96655 96656 fbb10b 96652->96656 96657 f3b567 39 API calls 96653->96657 96658 fbb078 96654->96658 96655->96649 96734 f37620 96656->96734 96657->96651 96661 f3b567 39 API calls 96658->96661 96660 fbb115 96662 fbb1d8 96660->96662 96663 fbb11f 96660->96663 96661->96651 96665 fbb20a GetCurrentDirectoryW 96662->96665 96668 f37510 53 API calls 96662->96668 96664 f37510 53 API calls 96663->96664 96666 fbb130 96664->96666 96667 f4fe0b 22 API calls 96665->96667 96669 f37620 22 API calls 96666->96669 96670 fbb22f GetCurrentDirectoryW 96667->96670 96671 fbb1ef 96668->96671 96672 fbb13a 96669->96672 96673 fbb23c 96670->96673 96674 f37620 22 API calls 96671->96674 96675 f37510 53 API calls 96672->96675 96678 fbb275 96673->96678 96746 f39c6e 22 API calls 96673->96746 96676 fbb1f9 _wcslen 96674->96676 96677 fbb14b 96675->96677 96676->96665 96676->96678 96679 f37620 22 API calls 96677->96679 96683 fbb28b 96678->96683 96684 fbb287 96678->96684 96681 fbb155 96679->96681 96685 f37510 53 API calls 96681->96685 96682 fbb255 96747 f39c6e 22 API calls 96682->96747 96749 fa07c0 10 API calls 96683->96749 96691 fbb39a CreateProcessW 96684->96691 96692 fbb2f8 96684->96692 96688 fbb166 96685->96688 96693 f37620 22 API calls 96688->96693 96689 fbb265 96748 f39c6e 22 API calls 96689->96748 96690 fbb294 96750 fa06e6 10 API calls 96690->96750 96733 fbb32f _wcslen 96691->96733 96752 f911c8 39 API calls 96692->96752 96697 fbb170 96693->96697 96700 fbb1a6 GetSystemDirectoryW 96697->96700 96705 f37510 53 API calls 96697->96705 96698 fbb2aa 96751 fa05a7 8 API calls 96698->96751 96699 fbb2fd 96703 fbb32a 96699->96703 96704 fbb323 96699->96704 96702 f4fe0b 22 API calls 96700->96702 96709 fbb1cb GetSystemDirectoryW 96702->96709 96754 f914ce 6 API calls 96703->96754 96753 f91201 128 API calls 2 library calls 96704->96753 96706 fbb187 96705->96706 96711 f37620 22 API calls 96706->96711 96708 fbb2d0 96708->96684 96709->96673 96713 fbb191 _wcslen 96711->96713 96712 fbb328 96712->96733 96713->96673 96713->96700 96714 fbb42f CloseHandle 96716 fbb43f 96714->96716 96724 fbb49a 96714->96724 96715 fbb3d6 GetLastError 96723 fbb41a 96715->96723 96717 fbb451 96716->96717 96718 fbb446 CloseHandle 96716->96718 96721 fbb458 CloseHandle 96717->96721 96722 fbb463 96717->96722 96718->96717 96720 fbb4a6 96720->96723 96721->96722 96725 fbb46a CloseHandle 96722->96725 96726 fbb475 96722->96726 96738 fa0175 96723->96738 96724->96720 96729 fbb4d2 CloseHandle 96724->96729 96725->96726 96755 fa09d9 34 API calls 96726->96755 96729->96723 96731 fbb486 96756 fbb536 25 API calls 96731->96756 96733->96714 96733->96715 96735 f3762a _wcslen 96734->96735 96736 f4fe0b 22 API calls 96735->96736 96737 f3763f 96736->96737 96737->96660 96757 fa030f 96738->96757 96742 f3b578 96741->96742 96743 f3b57f 96741->96743 96742->96743 96770 f562d1 39 API calls _strftime 96742->96770 96743->96648 96745 f3b5c2 96745->96648 96746->96682 96747->96689 96748->96678 96749->96690 96750->96698 96751->96708 96752->96699 96753->96712 96754->96733 96755->96731 96756->96724 96758 fa0329 96757->96758 96759 fa0321 CloseHandle 96757->96759 96760 fa032e CloseHandle 96758->96760 96761 fa0336 96758->96761 96759->96758 96760->96761 96762 fa033b CloseHandle 96761->96762 96763 fa0343 96761->96763 96762->96763 96764 fa0348 CloseHandle 96763->96764 96765 fa0350 96763->96765 96764->96765 96766 fa035d 96765->96766 96767 fa0355 CloseHandle 96765->96767 96768 fa017d 96766->96768 96769 fa0362 CloseHandle 96766->96769 96767->96766 96768->96517 96769->96768 96770->96745 96772 f9dbdc GetFileAttributesW 96771->96772 96773 f9dc06 96771->96773 96772->96773 96774 f9dbe8 FindFirstFileW 96772->96774 96773->96599 96774->96773 96775 f9dbf9 FindClose 96774->96775 96775->96773 96786 f9def7 96776->96786 96778 f9d529 Process32NextW 96779 f9d5db CloseHandle 96778->96779 96785 f9d522 96778->96785 96779->96604 96780 f3a961 22 API calls 96780->96785 96781 f39cb3 22 API calls 96781->96785 96785->96778 96785->96779 96785->96780 96785->96781 96792 f3525f 22 API calls 96785->96792 96793 f36350 22 API calls 96785->96793 96794 f4ce60 41 API calls 96785->96794 96791 f9df02 96786->96791 96787 f9df19 96796 f562fb 39 API calls _strftime 96787->96796 96790 f9df1f 96790->96785 96791->96787 96791->96790 96795 f563b2 GetStringTypeW _strftime 96791->96795 96792->96785 96793->96785 96794->96785 96795->96791 96796->96790 96797->96560 96798->96560 96799->96556 96800->96561 96801 f503fb 96802 f50407 __FrameHandler3::FrameUnwindToState 96801->96802 96830 f4feb1 96802->96830 96804 f5040e 96805 f50561 96804->96805 96809 f50438 96804->96809 96860 f5083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96805->96860 96807 f50568 96853 f54e52 96807->96853 96819 f50477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96809->96819 96841 f6247d 96809->96841 96815 f50457 96817 f504d8 96849 f50959 96817->96849 96819->96817 96856 f54e1a 38 API calls 3 library calls 96819->96856 96821 f504de 96822 f504f3 96821->96822 96857 f50992 GetModuleHandleW 96822->96857 96824 f504fa 96824->96807 96825 f504fe 96824->96825 96826 f50507 96825->96826 96858 f54df5 28 API calls _abort 96825->96858 96859 f50040 13 API calls 2 library calls 96826->96859 96829 f5050f 96829->96815 96831 f4feba 96830->96831 96862 f50698 IsProcessorFeaturePresent 96831->96862 96833 f4fec6 96863 f52c94 10 API calls 3 library calls 96833->96863 96835 f4fecb 96836 f4fecf 96835->96836 96864 f62317 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96835->96864 96836->96804 96838 f4fed8 96839 f4fee6 96838->96839 96865 f52cbd 8 API calls 3 library calls 96838->96865 96839->96804 96844 f62494 96841->96844 96843 f50451 96843->96815 96845 f62421 96843->96845 96866 f50a8c 96844->96866 96847 f62450 96845->96847 96846 f50a8c _ValidateLocalCookies 5 API calls 96848 f62479 96846->96848 96847->96846 96848->96819 96874 f52340 96849->96874 96852 f5097f 96852->96821 96876 f54bcf 96853->96876 96856->96817 96857->96824 96858->96826 96859->96829 96860->96807 96862->96833 96863->96835 96864->96838 96865->96836 96867 f50a95 96866->96867 96868 f50a97 IsProcessorFeaturePresent 96866->96868 96867->96843 96870 f50c5d 96868->96870 96873 f50c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96870->96873 96872 f50d40 96872->96843 96873->96872 96875 f5096c GetStartupInfoW 96874->96875 96875->96852 96877 f54bdb __FrameHandler3::FrameUnwindToState 96876->96877 96878 f54bf4 96877->96878 96879 f54be2 96877->96879 96900 f62f5e EnterCriticalSection 96878->96900 96915 f54d29 GetModuleHandleW 96879->96915 96882 f54be7 96882->96878 96916 f54d6d GetModuleHandleExW 96882->96916 96886 f54c70 96891 f54c88 96886->96891 96895 f62421 _abort 5 API calls 96886->96895 96888 f54cb6 96907 f54ce8 96888->96907 96889 f54ce2 96924 f71d29 5 API calls _ValidateLocalCookies 96889->96924 96890 f54bfb 96890->96886 96899 f54c99 96890->96899 96901 f621a8 96890->96901 96896 f62421 _abort 5 API calls 96891->96896 96895->96891 96896->96899 96904 f54cd9 96899->96904 96900->96890 96925 f61ee1 96901->96925 96944 f62fa6 LeaveCriticalSection 96904->96944 96906 f54cb2 96906->96888 96906->96889 96945 f6360c 96907->96945 96910 f54d16 96913 f54d6d _abort 8 API calls 96910->96913 96911 f54cf6 GetPEB 96911->96910 96912 f54d06 GetCurrentProcess TerminateProcess 96911->96912 96912->96910 96914 f54d1e ExitProcess 96913->96914 96915->96882 96917 f54d97 GetProcAddress 96916->96917 96918 f54dba 96916->96918 96921 f54dac 96917->96921 96919 f54dc0 FreeLibrary 96918->96919 96920 f54dc9 96918->96920 96919->96920 96922 f50a8c _ValidateLocalCookies 5 API calls 96920->96922 96921->96918 96923 f54bf3 96922->96923 96923->96878 96928 f61e90 96925->96928 96927 f61f05 96927->96886 96929 f61e9c __FrameHandler3::FrameUnwindToState 96928->96929 96936 f62f5e EnterCriticalSection 96929->96936 96931 f61eaa 96937 f61f31 96931->96937 96935 f61ec8 __wsopen_s 96935->96927 96936->96931 96938 f61f51 96937->96938 96941 f61f59 96937->96941 96939 f50a8c _ValidateLocalCookies 5 API calls 96938->96939 96940 f61eb7 96939->96940 96943 f61ed5 LeaveCriticalSection _abort 96940->96943 96941->96938 96942 f629c8 _free 20 API calls 96941->96942 96942->96938 96943->96935 96944->96906 96946 f63627 96945->96946 96947 f63631 96945->96947 96949 f50a8c _ValidateLocalCookies 5 API calls 96946->96949 96952 f62fd7 5 API calls 2 library calls 96947->96952 96950 f54cf2 96949->96950 96950->96910 96950->96911 96951 f63648 96951->96946 96952->96951 96953 f3defc 96956 f31d6f 96953->96956 96955 f3df07 96957 f31d8c 96956->96957 96965 f31f6f 96957->96965 96959 f31da6 96960 f72759 96959->96960 96962 f31e36 96959->96962 96963 f31dc2 96959->96963 96969 fa359c 82 API calls __wsopen_s 96960->96969 96962->96955 96963->96962 96968 f3289a 23 API calls 96963->96968 96966 f3ec40 348 API calls 96965->96966 96967 f31f98 96966->96967 96967->96959 96968->96962 96969->96962 96970 f32de3 96971 f32df0 __wsopen_s 96970->96971 96972 f32e09 96971->96972 96973 f72c2b ___scrt_fastfail 96971->96973 96974 f33aa2 23 API calls 96972->96974 96976 f72c47 GetOpenFileNameW 96973->96976 96975 f32e12 96974->96975 96986 f32da5 96975->96986 96978 f72c96 96976->96978 96979 f36b57 22 API calls 96978->96979 96981 f72cab 96979->96981 96981->96981 96983 f32e27 97004 f344a8 96983->97004 96987 f71f50 __wsopen_s 96986->96987 96988 f32db2 GetLongPathNameW 96987->96988 96989 f36b57 22 API calls 96988->96989 96990 f32dda 96989->96990 96991 f33598 96990->96991 96992 f3a961 22 API calls 96991->96992 96993 f335aa 96992->96993 96994 f33aa2 23 API calls 96993->96994 96995 f335b5 96994->96995 96996 f335c0 96995->96996 97000 f732eb 96995->97000 96997 f3515f 22 API calls 96996->96997 96999 f335cc 96997->96999 97034 f335f3 96999->97034 97002 f7330d 97000->97002 97040 f4ce60 41 API calls 97000->97040 97003 f335df 97003->96983 97005 f34ecb 94 API calls 97004->97005 97006 f344cd 97005->97006 97007 f73833 97006->97007 97008 f34ecb 94 API calls 97006->97008 97009 fa2cf9 80 API calls 97007->97009 97010 f344e1 97008->97010 97011 f73848 97009->97011 97010->97007 97012 f344e9 97010->97012 97013 f7384c 97011->97013 97014 f73869 97011->97014 97016 f73854 97012->97016 97017 f344f5 97012->97017 97018 f34f39 68 API calls 97013->97018 97015 f4fe0b 22 API calls 97014->97015 97033 f738ae 97015->97033 97056 f9da5a 82 API calls 97016->97056 97055 f3940c 136 API calls 2 library calls 97017->97055 97018->97016 97021 f73862 97021->97014 97022 f32e31 97023 f73a5f 97028 f73a67 97023->97028 97024 f34f39 68 API calls 97024->97028 97028->97024 97060 f9989b 82 API calls __wsopen_s 97028->97060 97030 f39cb3 22 API calls 97030->97033 97033->97023 97033->97028 97033->97030 97041 f3a4a1 97033->97041 97049 f33ff7 97033->97049 97057 f9967e 22 API calls __fread_nolock 97033->97057 97058 f995ad 42 API calls _wcslen 97033->97058 97059 fa0b5a 22 API calls 97033->97059 97035 f33605 97034->97035 97039 f33624 __fread_nolock 97034->97039 97038 f4fe0b 22 API calls 97035->97038 97036 f4fddb 22 API calls 97037 f3363b 97036->97037 97037->97003 97038->97039 97039->97036 97040->97000 97042 f3a52b 97041->97042 97046 f3a4b1 __fread_nolock 97041->97046 97044 f4fe0b 22 API calls 97042->97044 97043 f4fddb 22 API calls 97045 f3a4b8 97043->97045 97044->97046 97047 f4fddb 22 API calls 97045->97047 97048 f3a4d6 97045->97048 97046->97043 97047->97048 97048->97033 97050 f3400a 97049->97050 97053 f340ae 97049->97053 97051 f3403c 97050->97051 97052 f4fe0b 22 API calls 97050->97052 97051->97053 97054 f4fddb 22 API calls 97051->97054 97052->97051 97053->97033 97054->97051 97055->97022 97056->97021 97057->97033 97058->97033 97059->97033 97060->97028 97061 f72ba5 97062 f32b25 97061->97062 97063 f72baf 97061->97063 97089 f32b83 7 API calls 97062->97089 97065 f33a5a 24 API calls 97063->97065 97066 f72bb8 97065->97066 97068 f39cb3 22 API calls 97066->97068 97071 f72bc6 97068->97071 97070 f32b2f 97078 f32b44 97070->97078 97093 f33837 97070->97093 97072 f72bf5 97071->97072 97073 f72bce 97071->97073 97076 f333c6 22 API calls 97072->97076 97107 f333c6 97073->97107 97087 f72bf1 GetForegroundWindow ShellExecuteW 97076->97087 97079 f32b5f 97078->97079 97103 f330f2 97078->97103 97086 f32b66 SetCurrentDirectoryW 97079->97086 97083 f72be7 97085 f333c6 22 API calls 97083->97085 97084 f72c26 97084->97079 97085->97087 97088 f32b7a 97086->97088 97087->97084 97117 f32cd4 7 API calls 97089->97117 97091 f32b2a 97092 f32c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 97091->97092 97092->97070 97094 f33862 ___scrt_fastfail 97093->97094 97118 f34212 97094->97118 97098 f73386 Shell_NotifyIconW 97099 f33906 Shell_NotifyIconW 97122 f33923 97099->97122 97100 f338e8 97100->97098 97100->97099 97102 f3391c 97102->97078 97104 f33154 97103->97104 97105 f33104 ___scrt_fastfail 97103->97105 97104->97079 97106 f33123 Shell_NotifyIconW 97105->97106 97106->97104 97108 f730bb 97107->97108 97109 f333dd 97107->97109 97111 f4fddb 22 API calls 97108->97111 97148 f333ee 97109->97148 97113 f730c5 _wcslen 97111->97113 97112 f333e8 97116 f36350 22 API calls 97112->97116 97114 f4fe0b 22 API calls 97113->97114 97115 f730fe __fread_nolock 97114->97115 97116->97083 97117->97091 97119 f735a4 97118->97119 97120 f338b7 97118->97120 97119->97120 97121 f735ad DestroyIcon 97119->97121 97120->97100 97144 f9c874 42 API calls _strftime 97120->97144 97121->97120 97123 f3393f 97122->97123 97142 f33a13 97122->97142 97124 f36270 22 API calls 97123->97124 97125 f3394d 97124->97125 97126 f73393 LoadStringW 97125->97126 97127 f3395a 97125->97127 97130 f733ad 97126->97130 97128 f36b57 22 API calls 97127->97128 97129 f3396f 97128->97129 97131 f733c9 97129->97131 97132 f3397c 97129->97132 97138 f33994 ___scrt_fastfail 97130->97138 97146 f3a8c7 22 API calls __fread_nolock 97130->97146 97147 f36350 22 API calls 97131->97147 97132->97130 97134 f33986 97132->97134 97145 f36350 22 API calls 97134->97145 97137 f733d7 97137->97138 97139 f333c6 22 API calls 97137->97139 97140 f339f9 Shell_NotifyIconW 97138->97140 97141 f733f9 97139->97141 97140->97142 97143 f333c6 22 API calls 97141->97143 97142->97102 97143->97138 97144->97100 97145->97138 97146->97138 97147->97137 97149 f333fe _wcslen 97148->97149 97150 f33411 97149->97150 97151 f7311d 97149->97151 97158 f3a587 97150->97158 97153 f4fddb 22 API calls 97151->97153 97155 f73127 97153->97155 97154 f3341e __fread_nolock 97154->97112 97156 f4fe0b 22 API calls 97155->97156 97157 f73157 __fread_nolock 97156->97157 97159 f3a59d 97158->97159 97162 f3a598 __fread_nolock 97158->97162 97160 f4fe0b 22 API calls 97159->97160 97161 f7f80f 97159->97161 97160->97162 97161->97161 97162->97154 97163 f3dee5 97166 f3b710 97163->97166 97167 f3b72b 97166->97167 97168 f800f8 97167->97168 97169 f80146 97167->97169 97195 f3b750 97167->97195 97172 f80102 97168->97172 97175 f8010f 97168->97175 97168->97195 97208 fb58a2 348 API calls 2 library calls 97169->97208 97206 fb5d33 348 API calls 97172->97206 97192 f3ba20 97175->97192 97207 fb61d0 348 API calls 2 library calls 97175->97207 97178 f803d9 97178->97178 97179 f4d336 40 API calls 97179->97195 97182 f3ba4e 97184 f80322 97211 fb5c0c 82 API calls 97184->97211 97189 f3aceb 23 API calls 97189->97195 97191 f3bbe0 40 API calls 97191->97195 97192->97182 97212 fa359c 82 API calls __wsopen_s 97192->97212 97193 f3ec40 348 API calls 97193->97195 97195->97179 97195->97182 97195->97184 97195->97189 97195->97191 97195->97192 97195->97193 97197 f3a81b 41 API calls 97195->97197 97198 f4d2f0 40 API calls 97195->97198 97199 f4a01b 348 API calls 97195->97199 97200 f50242 5 API calls __Init_thread_wait 97195->97200 97201 f4edcd 22 API calls 97195->97201 97202 f500a3 29 API calls __onexit 97195->97202 97203 f501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97195->97203 97204 f4ee53 82 API calls 97195->97204 97205 f4e5ca 348 API calls 97195->97205 97209 f8f6bf 23 API calls 97195->97209 97210 f3a8c7 22 API calls __fread_nolock 97195->97210 97197->97195 97198->97195 97199->97195 97200->97195 97201->97195 97202->97195 97203->97195 97204->97195 97205->97195 97206->97175 97207->97192 97208->97195 97209->97195 97210->97195 97211->97192 97212->97178 97213 f8d3a0 97214 f8d3ab 97213->97214 97217 f8d292 97213->97217 97215 f8d3c9 97214->97215 97216 f8d3b9 GetProcAddress 97214->97216 97215->97217 97218 f8d3e4 FreeLibrary 97215->97218 97216->97215 97217->97217 97218->97217 97219 f31cad SystemParametersInfoW 97220 f8d29a 97223 f9de27 WSAStartup 97220->97223 97222 f8d2a5 97224 f9de50 gethostname gethostbyname 97223->97224 97226 f9dee6 97223->97226 97224->97226 97227 f9de73 __fread_nolock 97224->97227 97225 f9de87 97229 f9dede WSACleanup 97225->97229 97226->97222 97227->97225 97228 f9dea5 inet_ntoa 97227->97228 97230 f9debe _strcat 97228->97230 97229->97226 97232 f9ebd1 97230->97232 97233 f9ec37 97232->97233 97235 f9ebe0 _strlen 97232->97235 97233->97225 97234 f9ebef MultiByteToWideChar 97234->97233 97236 f9ec04 97234->97236 97235->97234 97237 f4fe0b 22 API calls 97236->97237 97238 f9ec20 MultiByteToWideChar 97237->97238 97238->97233 97239 f33156 97242 f33170 97239->97242 97243 f33187 97242->97243 97244 f331eb 97243->97244 97245 f3318c 97243->97245 97283 f331e9 97243->97283 97247 f331f1 97244->97247 97248 f72dfb 97244->97248 97249 f33265 PostQuitMessage 97245->97249 97250 f33199 97245->97250 97246 f331d0 DefWindowProcW 97276 f3316a 97246->97276 97251 f331f8 97247->97251 97252 f3321d SetTimer RegisterWindowMessageW 97247->97252 97297 f318e2 10 API calls 97248->97297 97249->97276 97254 f331a4 97250->97254 97255 f72e7c 97250->97255 97257 f33201 KillTimer 97251->97257 97258 f72d9c 97251->97258 97260 f33246 CreatePopupMenu 97252->97260 97252->97276 97261 f331ae 97254->97261 97262 f72e68 97254->97262 97300 f9bf30 34 API calls ___scrt_fastfail 97255->97300 97266 f330f2 Shell_NotifyIconW 97257->97266 97264 f72dd7 MoveWindow 97258->97264 97265 f72da1 97258->97265 97259 f72e1c 97298 f4e499 42 API calls 97259->97298 97260->97276 97263 f331b9 97261->97263 97274 f72e4d 97261->97274 97287 f9c161 97262->97287 97269 f331c4 97263->97269 97270 f33253 97263->97270 97264->97276 97272 f72da7 97265->97272 97273 f72dc6 SetFocus 97265->97273 97275 f33214 97266->97275 97269->97246 97284 f330f2 Shell_NotifyIconW 97269->97284 97295 f3326f 44 API calls ___scrt_fastfail 97270->97295 97271 f72e8e 97271->97246 97271->97276 97272->97269 97278 f72db0 97272->97278 97273->97276 97274->97246 97299 f90ad7 22 API calls 97274->97299 97294 f33c50 DeleteObject DestroyWindow 97275->97294 97296 f318e2 10 API calls 97278->97296 97281 f33263 97281->97276 97283->97246 97285 f72e41 97284->97285 97286 f33837 49 API calls 97285->97286 97286->97283 97288 f9c276 97287->97288 97289 f9c179 ___scrt_fastfail 97287->97289 97288->97276 97290 f33923 24 API calls 97289->97290 97292 f9c1a0 97290->97292 97291 f9c25f KillTimer SetTimer 97291->97288 97292->97291 97293 f9c251 Shell_NotifyIconW 97292->97293 97293->97291 97294->97276 97295->97281 97296->97276 97297->97259 97298->97269 97299->97283 97300->97271 97301 f8d79f 97302 f33b1c 3 API calls 97301->97302 97303 f8d7bf 97302->97303 97306 f39c6e 22 API calls 97303->97306 97305 f8d7ef 97305->97305 97306->97305 97307 f8d35f 97308 f8d30c 97307->97308 97310 f9df27 SHGetFolderPathW 97308->97310 97311 f36b57 22 API calls 97310->97311 97312 f9df54 97311->97312 97312->97308 97313 f3105b 97318 f3344d 97313->97318 97315 f3106a 97349 f500a3 29 API calls __onexit 97315->97349 97317 f31074 97319 f3345d __wsopen_s 97318->97319 97320 f3a961 22 API calls 97319->97320 97321 f33513 97320->97321 97322 f33a5a 24 API calls 97321->97322 97323 f3351c 97322->97323 97350 f33357 97323->97350 97326 f333c6 22 API calls 97327 f33535 97326->97327 97328 f3515f 22 API calls 97327->97328 97329 f33544 97328->97329 97330 f3a961 22 API calls 97329->97330 97331 f3354d 97330->97331 97332 f3a6c3 22 API calls 97331->97332 97333 f33556 RegOpenKeyExW 97332->97333 97334 f73176 RegQueryValueExW 97333->97334 97338 f33578 97333->97338 97335 f73193 97334->97335 97336 f7320c RegCloseKey 97334->97336 97337 f4fe0b 22 API calls 97335->97337 97336->97338 97344 f7321e _wcslen 97336->97344 97339 f731ac 97337->97339 97338->97315 97340 f35722 22 API calls 97339->97340 97341 f731b7 RegQueryValueExW 97340->97341 97342 f731d4 97341->97342 97345 f731ee messages 97341->97345 97343 f36b57 22 API calls 97342->97343 97343->97345 97344->97338 97346 f39cb3 22 API calls 97344->97346 97347 f3515f 22 API calls 97344->97347 97348 f34c6d 22 API calls 97344->97348 97345->97336 97346->97344 97347->97344 97348->97344 97349->97317 97351 f71f50 __wsopen_s 97350->97351 97352 f33364 GetFullPathNameW 97351->97352 97353 f33386 97352->97353 97354 f36b57 22 API calls 97353->97354 97355 f333a4 97354->97355 97355->97326 97356 fc2a55 97364 fa1ebc 97356->97364 97359 fc2a70 97366 f939c0 22 API calls 97359->97366 97360 fc2a87 97362 fc2a7c 97367 f9417d 22 API calls __fread_nolock 97362->97367 97365 fa1ec3 IsWindow 97364->97365 97365->97359 97365->97360 97366->97362 97367->97360 97368 f31098 97373 f342de 97368->97373 97372 f310a7 97374 f3a961 22 API calls 97373->97374 97375 f342f5 GetVersionExW 97374->97375 97376 f36b57 22 API calls 97375->97376 97377 f34342 97376->97377 97378 f393b2 22 API calls 97377->97378 97387 f34378 97377->97387 97379 f3436c 97378->97379 97381 f337a0 22 API calls 97379->97381 97380 f3441b GetCurrentProcess IsWow64Process 97382 f34437 97380->97382 97381->97387 97383 f73824 GetSystemInfo 97382->97383 97384 f3444f LoadLibraryA 97382->97384 97385 f34460 GetProcAddress 97384->97385 97386 f3449c GetSystemInfo 97384->97386 97385->97386 97389 f34470 GetNativeSystemInfo 97385->97389 97390 f34476 97386->97390 97387->97380 97388 f737df 97387->97388 97389->97390 97391 f3109d 97390->97391 97392 f3447a FreeLibrary 97390->97392 97393 f500a3 29 API calls __onexit 97391->97393 97392->97391 97393->97372 97394 f4f698 97395 f4f6a2 97394->97395 97396 f4f6c3 97394->97396 97403 f3af8a 97395->97403 97402 f8f2f8 97396->97402 97411 f94d4a 22 API calls messages 97396->97411 97399 f4f6b2 97400 f3af8a 22 API calls 97399->97400 97401 f4f6c2 97400->97401 97404 f3afc0 messages 97403->97404 97405 f3af98 97403->97405 97404->97399 97406 f3af8a 22 API calls 97405->97406 97407 f3afa6 97405->97407 97406->97407 97408 f3afac 97407->97408 97409 f3af8a 22 API calls 97407->97409 97408->97404 97410 f3b090 22 API calls 97408->97410 97409->97408 97410->97404 97411->97396 97412 f8d255 97413 f33b1c 3 API calls 97412->97413 97414 f8d275 97413->97414 97414->97414 97415 f68402 97420 f681be 97415->97420 97418 f6842a 97425 f681ef try_get_first_available_module 97420->97425 97422 f683ee 97439 f627ec 26 API calls pre_c_initialization 97422->97439 97424 f68343 97424->97418 97432 f70984 97424->97432 97428 f68338 97425->97428 97435 f58e0b 40 API calls 2 library calls 97425->97435 97427 f6838c 97427->97428 97436 f58e0b 40 API calls 2 library calls 97427->97436 97428->97424 97438 f5f2d9 20 API calls __dosmaperr 97428->97438 97430 f683ab 97430->97428 97437 f58e0b 40 API calls 2 library calls 97430->97437 97440 f70081 97432->97440 97434 f7099f 97434->97418 97435->97427 97436->97430 97437->97428 97438->97422 97439->97424 97441 f7008d __FrameHandler3::FrameUnwindToState 97440->97441 97442 f7009b 97441->97442 97445 f700d4 97441->97445 97498 f5f2d9 20 API calls __dosmaperr 97442->97498 97444 f700a0 97499 f627ec 26 API calls pre_c_initialization 97444->97499 97451 f7065b 97445->97451 97450 f700aa __wsopen_s 97450->97434 97501 f7042f 97451->97501 97454 f706a6 97519 f65221 97454->97519 97455 f7068d 97533 f5f2c6 20 API calls __dosmaperr 97455->97533 97458 f70692 97534 f5f2d9 20 API calls __dosmaperr 97458->97534 97459 f706ab 97460 f706b4 97459->97460 97461 f706cb 97459->97461 97535 f5f2c6 20 API calls __dosmaperr 97460->97535 97532 f7039a CreateFileW 97461->97532 97465 f706b9 97536 f5f2d9 20 API calls __dosmaperr 97465->97536 97466 f700f8 97500 f70121 LeaveCriticalSection __wsopen_s 97466->97500 97468 f70781 GetFileType 97470 f707d3 97468->97470 97471 f7078c GetLastError 97468->97471 97469 f70756 GetLastError 97538 f5f2a3 20 API calls __dosmaperr 97469->97538 97541 f6516a 21 API calls 2 library calls 97470->97541 97539 f5f2a3 20 API calls __dosmaperr 97471->97539 97473 f70704 97473->97468 97473->97469 97537 f7039a CreateFileW 97473->97537 97475 f7079a CloseHandle 97475->97458 97477 f707c3 97475->97477 97540 f5f2d9 20 API calls __dosmaperr 97477->97540 97479 f70749 97479->97468 97479->97469 97481 f707f4 97483 f70840 97481->97483 97542 f705ab 72 API calls 3 library calls 97481->97542 97482 f707c8 97482->97458 97488 f7086d 97483->97488 97543 f7014d 72 API calls 4 library calls 97483->97543 97486 f70866 97487 f7087e 97486->97487 97486->97488 97487->97466 97490 f708fc CloseHandle 97487->97490 97489 f686ae __wsopen_s 29 API calls 97488->97489 97489->97466 97544 f7039a CreateFileW 97490->97544 97492 f70927 97493 f7095d 97492->97493 97494 f70931 GetLastError 97492->97494 97493->97466 97545 f5f2a3 20 API calls __dosmaperr 97494->97545 97496 f7093d 97546 f65333 21 API calls 2 library calls 97496->97546 97498->97444 97499->97450 97500->97450 97502 f7046a 97501->97502 97503 f70450 97501->97503 97547 f703bf 97502->97547 97503->97502 97554 f5f2d9 20 API calls __dosmaperr 97503->97554 97506 f7045f 97555 f627ec 26 API calls pre_c_initialization 97506->97555 97508 f704a2 97509 f704d1 97508->97509 97556 f5f2d9 20 API calls __dosmaperr 97508->97556 97512 f70524 97509->97512 97558 f5d70d 26 API calls 2 library calls 97509->97558 97512->97454 97512->97455 97513 f7051f 97513->97512 97515 f7059e 97513->97515 97514 f704c6 97557 f627ec 26 API calls pre_c_initialization 97514->97557 97559 f627fc 11 API calls _abort 97515->97559 97518 f705aa 97520 f6522d __FrameHandler3::FrameUnwindToState 97519->97520 97562 f62f5e EnterCriticalSection 97520->97562 97522 f65234 97524 f65259 97522->97524 97528 f652c7 EnterCriticalSection 97522->97528 97530 f6527b 97522->97530 97566 f65000 21 API calls 3 library calls 97524->97566 97525 f652a4 __wsopen_s 97525->97459 97527 f6525e 97527->97530 97567 f65147 EnterCriticalSection 97527->97567 97529 f652d4 LeaveCriticalSection 97528->97529 97528->97530 97529->97522 97563 f6532a 97530->97563 97532->97473 97533->97458 97534->97466 97535->97465 97536->97458 97537->97479 97538->97458 97539->97475 97540->97482 97541->97481 97542->97483 97543->97486 97544->97492 97545->97496 97546->97493 97550 f703d7 97547->97550 97548 f703f2 97548->97508 97550->97548 97560 f5f2d9 20 API calls __dosmaperr 97550->97560 97551 f70416 97561 f627ec 26 API calls pre_c_initialization 97551->97561 97553 f70421 97553->97508 97554->97506 97555->97502 97556->97514 97557->97509 97558->97513 97559->97518 97560->97551 97561->97553 97562->97522 97568 f62fa6 LeaveCriticalSection 97563->97568 97565 f65331 97565->97525 97566->97527 97567->97530 97568->97565 97569 f72402 97572 f31410 97569->97572 97573 f3144f mciSendStringW 97572->97573 97574 f724b8 DestroyWindow 97572->97574 97575 f316c6 97573->97575 97576 f3146b 97573->97576 97577 f724c4 97574->97577 97575->97576 97579 f316d5 UnregisterHotKey 97575->97579 97576->97577 97578 f31479 97576->97578 97581 f724e2 FindClose 97577->97581 97585 f724d8 97577->97585 97587 f72509 97577->97587 97605 f3182e 97578->97605 97579->97575 97581->97577 97584 f3148e 97586 f7252d 97584->97586 97595 f3149c 97584->97595 97585->97577 97611 f36246 CloseHandle 97585->97611 97589 f72541 VirtualFree 97586->97589 97596 f31509 97586->97596 97587->97586 97588 f7251c FreeLibrary 97587->97588 97588->97587 97589->97586 97590 f314f8 CoUninitialize 97590->97596 97591 f31514 97593 f31524 97591->97593 97592 f72589 97598 f72598 messages 97592->97598 97612 fa32eb 6 API calls messages 97592->97612 97609 f31944 VirtualFreeEx CloseHandle 97593->97609 97595->97590 97596->97591 97596->97592 97601 f72627 97598->97601 97613 f964d4 22 API calls messages 97598->97613 97600 f3153a 97600->97598 97602 f3161f 97600->97602 97601->97601 97602->97601 97610 f31876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 97602->97610 97604 f316c1 97607 f3183b 97605->97607 97606 f31480 97606->97584 97606->97587 97607->97606 97614 f9702a 22 API calls 97607->97614 97609->97600 97610->97604 97611->97585 97612->97592 97613->97598 97614->97607 97615 f31044 97620 f310f3 97615->97620 97617 f3104a 97656 f500a3 29 API calls __onexit 97617->97656 97619 f31054 97657 f31398 97620->97657 97624 f3116a 97625 f3a961 22 API calls 97624->97625 97626 f31174 97625->97626 97627 f3a961 22 API calls 97626->97627 97628 f3117e 97627->97628 97629 f3a961 22 API calls 97628->97629 97630 f31188 97629->97630 97631 f3a961 22 API calls 97630->97631 97632 f311c6 97631->97632 97633 f3a961 22 API calls 97632->97633 97634 f31292 97633->97634 97667 f3171c 97634->97667 97638 f312c4 97639 f3a961 22 API calls 97638->97639 97640 f312ce 97639->97640 97641 f41940 9 API calls 97640->97641 97642 f312f9 97641->97642 97688 f31aab 97642->97688 97644 f31315 97645 f31325 GetStdHandle 97644->97645 97646 f72485 97645->97646 97648 f3137a 97645->97648 97647 f7248e 97646->97647 97646->97648 97649 f4fddb 22 API calls 97647->97649 97650 f31387 OleInitialize 97648->97650 97651 f72495 97649->97651 97650->97617 97695 fa011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97651->97695 97653 f7249e 97696 fa0944 CreateThread 97653->97696 97655 f724aa CloseHandle 97655->97648 97656->97619 97697 f313f1 97657->97697 97660 f313f1 22 API calls 97661 f313d0 97660->97661 97662 f3a961 22 API calls 97661->97662 97663 f313dc 97662->97663 97664 f36b57 22 API calls 97663->97664 97665 f31129 97664->97665 97666 f31bc3 6 API calls 97665->97666 97666->97624 97668 f3a961 22 API calls 97667->97668 97669 f3172c 97668->97669 97670 f3a961 22 API calls 97669->97670 97671 f31734 97670->97671 97672 f3a961 22 API calls 97671->97672 97673 f3174f 97672->97673 97674 f4fddb 22 API calls 97673->97674 97675 f3129c 97674->97675 97676 f31b4a 97675->97676 97677 f31b58 97676->97677 97678 f3a961 22 API calls 97677->97678 97679 f31b63 97678->97679 97680 f3a961 22 API calls 97679->97680 97681 f31b6e 97680->97681 97682 f3a961 22 API calls 97681->97682 97683 f31b79 97682->97683 97684 f3a961 22 API calls 97683->97684 97685 f31b84 97684->97685 97686 f4fddb 22 API calls 97685->97686 97687 f31b96 RegisterWindowMessageW 97686->97687 97687->97638 97689 f31abb 97688->97689 97690 f7272d 97688->97690 97692 f4fddb 22 API calls 97689->97692 97704 fa3209 23 API calls 97690->97704 97693 f31ac3 97692->97693 97693->97644 97694 f72738 97695->97653 97696->97655 97705 fa092a 28 API calls 97696->97705 97698 f3a961 22 API calls 97697->97698 97699 f313fc 97698->97699 97700 f3a961 22 API calls 97699->97700 97701 f31404 97700->97701 97702 f3a961 22 API calls 97701->97702 97703 f313c6 97702->97703 97703->97660 97704->97694 97706 f82a00 97707 f3d7b0 messages 97706->97707 97708 f3db11 PeekMessageW 97707->97708 97709 f3d807 GetInputState 97707->97709 97711 f81cbe TranslateAcceleratorW 97707->97711 97712 f3da04 timeGetTime 97707->97712 97713 f3db73 TranslateMessage DispatchMessageW 97707->97713 97714 f3db8f PeekMessageW 97707->97714 97715 f3dbaf Sleep 97707->97715 97716 f82b74 Sleep 97707->97716 97719 f81dda timeGetTime 97707->97719 97727 f3d9d5 97707->97727 97731 f82a51 97707->97731 97734 f3ec40 348 API calls 97707->97734 97735 f41310 348 API calls 97707->97735 97736 f3bf40 348 API calls 97707->97736 97738 f3dd50 97707->97738 97745 f3dfd0 97707->97745 97768 f4edf6 97707->97768 97773 f4e551 timeGetTime 97707->97773 97775 fa3a2a 23 API calls 97707->97775 97776 fa359c 82 API calls __wsopen_s 97707->97776 97708->97707 97709->97707 97709->97708 97711->97707 97712->97707 97713->97714 97714->97707 97715->97707 97716->97731 97774 f4e300 23 API calls 97719->97774 97721 f9d4dc 47 API calls 97721->97731 97722 f82c0b GetExitCodeProcess 97723 f82c21 WaitForSingleObject 97722->97723 97724 f82c37 CloseHandle 97722->97724 97723->97707 97723->97724 97724->97731 97725 fc29bf GetForegroundWindow 97725->97731 97728 f82ca9 Sleep 97728->97707 97731->97707 97731->97721 97731->97722 97731->97725 97731->97727 97731->97728 97777 fb5658 23 API calls 97731->97777 97778 f9e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 97731->97778 97779 f4e551 timeGetTime 97731->97779 97734->97707 97735->97707 97736->97707 97739 f3dd83 97738->97739 97740 f3dd6f 97738->97740 97812 fa359c 82 API calls __wsopen_s 97739->97812 97780 f3d260 97740->97780 97743 f3dd7a 97743->97707 97744 f82f75 97744->97744 97746 f3e010 97745->97746 97756 f3e0dc messages 97746->97756 97822 f50242 5 API calls __Init_thread_wait 97746->97822 97749 f82fca 97751 f3a961 22 API calls 97749->97751 97749->97756 97750 f3a961 22 API calls 97750->97756 97752 f82fe4 97751->97752 97823 f500a3 29 API calls __onexit 97752->97823 97756->97750 97760 f3ec40 348 API calls 97756->97760 97763 f3e3e1 97756->97763 97764 f404f0 22 API calls 97756->97764 97765 fa359c 82 API calls 97756->97765 97819 f3a8c7 22 API calls __fread_nolock 97756->97819 97820 f3a81b 41 API calls 97756->97820 97821 f4a308 348 API calls 97756->97821 97825 f50242 5 API calls __Init_thread_wait 97756->97825 97826 f500a3 29 API calls __onexit 97756->97826 97827 f501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97756->97827 97828 fb47d4 348 API calls 97756->97828 97829 fb68c1 348 API calls 97756->97829 97757 f82fee 97824 f501f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97757->97824 97760->97756 97763->97707 97764->97756 97765->97756 97770 f4ee09 97768->97770 97772 f4ee12 97768->97772 97769 f4ee36 IsDialogMessageW 97769->97770 97769->97772 97770->97707 97771 f8efaf GetClassLongW 97771->97769 97771->97772 97772->97769 97772->97770 97772->97771 97773->97707 97774->97707 97775->97707 97776->97707 97777->97731 97778->97731 97779->97731 97781 f3ec40 348 API calls 97780->97781 97784 f3d29d 97781->97784 97783 f3d30b messages 97783->97743 97784->97783 97785 f3d6d5 97784->97785 97786 f3d3c3 97784->97786 97792 f3d4b8 97784->97792 97795 f4fddb 22 API calls 97784->97795 97798 f81bc4 97784->97798 97807 f3d429 __fread_nolock messages 97784->97807 97785->97783 97796 f4fe0b 22 API calls 97785->97796 97786->97785 97788 f3d3ce 97786->97788 97787 f3d5ff 97789 f3d614 97787->97789 97790 f81bb5 97787->97790 97791 f4fddb 22 API calls 97788->97791 97793 f4fddb 22 API calls 97789->97793 97817 fb5705 23 API calls 97790->97817 97800 f3d3d5 __fread_nolock 97791->97800 97797 f4fe0b 22 API calls 97792->97797 97804 f3d46a 97793->97804 97795->97784 97796->97800 97797->97807 97818 fa359c 82 API calls __wsopen_s 97798->97818 97799 f4fddb 22 API calls 97801 f3d3f6 97799->97801 97800->97799 97800->97801 97801->97807 97813 f3bec0 348 API calls 97801->97813 97803 f81ba4 97816 fa359c 82 API calls __wsopen_s 97803->97816 97804->97743 97806 f31f6f 348 API calls 97806->97807 97807->97787 97807->97803 97807->97804 97807->97806 97808 f81b7f 97807->97808 97810 f81b5d 97807->97810 97815 fa359c 82 API calls __wsopen_s 97808->97815 97814 fa359c 82 API calls __wsopen_s 97810->97814 97812->97744 97813->97807 97814->97804 97815->97804 97816->97804 97817->97798 97818->97783 97819->97756 97820->97756 97821->97756 97822->97749 97823->97757 97824->97756 97825->97756 97826->97756 97827->97756 97828->97756 97829->97756

                                                                                                                                                                                                                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F342DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 389 f342de-f3434d call f3a961 GetVersionExW call f36b57 394 f73617-f7362a 389->394 395 f34353 389->395 397 f7362b-f7362f 394->397 396 f34355-f34357 395->396 398 f73656 396->398 399 f3435d-f343bc call f393b2 call f337a0 396->399 400 f73632-f7363e 397->400 401 f73631 397->401 405 f7365d-f73660 398->405 418 f343c2-f343c4 399->418 419 f737df-f737e6 399->419 400->397 402 f73640-f73642 400->402 401->400 402->396 404 f73648-f7364f 402->404 404->394 407 f73651 404->407 408 f73666-f736a8 405->408 409 f3441b-f34435 GetCurrentProcess IsWow64Process 405->409 407->398 408->409 413 f736ae-f736b1 408->413 411 f34437 409->411 412 f34494-f3449a 409->412 415 f3443d-f34449 411->415 412->415 416 f736b3-f736bd 413->416 417 f736db-f736e5 413->417 420 f73824-f73828 GetSystemInfo 415->420 421 f3444f-f3445e LoadLibraryA 415->421 422 f736bf-f736c5 416->422 423 f736ca-f736d6 416->423 425 f736e7-f736f3 417->425 426 f736f8-f73702 417->426 418->405 424 f343ca-f343dd 418->424 427 f73806-f73809 419->427 428 f737e8 419->428 431 f34460-f3446e GetProcAddress 421->431 432 f3449c-f344a6 GetSystemInfo 421->432 422->409 423->409 433 f343e3-f343e5 424->433 434 f73726-f7372f 424->434 425->409 436 f73715-f73721 426->436 437 f73704-f73710 426->437 429 f737f4-f737fc 427->429 430 f7380b-f7381a 427->430 435 f737ee 428->435 429->427 430->435 440 f7381c-f73822 430->440 431->432 441 f34470-f34474 GetNativeSystemInfo 431->441 442 f34476-f34478 432->442 443 f343eb-f343ee 433->443 444 f7374d-f73762 433->444 438 f73731-f73737 434->438 439 f7373c-f73748 434->439 435->429 436->409 437->409 438->409 439->409 440->429 441->442 447 f34481-f34493 442->447 448 f3447a-f3447b FreeLibrary 442->448 449 f73791-f73794 443->449 450 f343f4-f3440f 443->450 445 f73764-f7376a 444->445 446 f7376f-f7377b 444->446 445->409 446->409 448->447 449->409 453 f7379a-f737c1 449->453 451 f34415 450->451 452 f73780-f7378c 450->452 451->409 452->409 454 f737c3-f737c9 453->454 455 f737ce-f737da 453->455 454->409 455->409
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00F3430D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00FCCB64,00000000,?,?), ref: 00F34422
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsWow64Process.KERNEL32(00000000,?,?), ref: 00F34429
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00F34454
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00F34466
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00F34474
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?), ref: 00F3447B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?,?,?), ref: 00F344A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0a5a52d796d63c77a1e206cec95601a674d7ab1e1deb44d5a01dfb9f425ef548
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: add7625ddb78165541183081c440a07b09569081b8cbdc3b62eb43e7702d08f5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a5a52d796d63c77a1e206cec95601a674d7ab1e1deb44d5a01dfb9f425ef548
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DA1B772D0E2C0DFC737C769B4816957FA47B26314F08D4A9E4C5A3A0AD23AD505FBA2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F342A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 1770 f342a2-f342ba CreateStreamOnHGlobal 1771 f342da-f342dd 1770->1771 1772 f342bc-f342d3 FindResourceExW 1770->1772 1773 f342d9 1772->1773 1774 f735ba-f735c9 LoadResource 1772->1774 1773->1771 1774->1773 1775 f735cf-f735dd SizeofResource 1774->1775 1775->1773 1776 f735e3-f735ee LockResource 1775->1776 1776->1773 1777 f735f4-f73612 1776->1777 1777->1773
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00F350AA,?,?,00000000,00000000), ref: 00F342B2
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00F350AA,?,?,00000000,00000000), ref: 00F342C9
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(?,00000000,?,?,00F350AA,?,?,00000000,00000000,?,?,?,?,?,?,00F34F20), ref: 00F735BE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(?,00000000,?,?,00F350AA,?,?,00000000,00000000,?,?,?,?,?,?,00F34F20), ref: 00F735D3
                                                                                                                                                                                                                                                                                                                                                                                                                  • LockResource.KERNEL32(00F350AA,?,?,00F350AA,?,?,00000000,00000000,?,?,?,?,?,?,00F34F20,?), ref: 00F735E6
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a0aadf03291d813e491f98e1fee12d2a54ac37171b742750b0b338bd98b5822a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b320c983f3fdf10c8e5d0c333f4145b5b0024f30103527a569e19fde8130fe7f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0aadf03291d813e491f98e1fee12d2a54ac37171b742750b0b338bd98b5822a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4811AC70600305BFD7218BA6DD49F677BBDEBC6B61F148169F41696290DB71EC00AA70
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F72BA5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00F32B6B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01001418,?,00F32E7F,?,?,?,00000000), ref: 00F33A78
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(runas,?,?,?,?,?,00FF2224), ref: 00F72C10
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32(00000000,?,?,00FF2224), ref: 00F72C17
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c55015ada0b7aef8c3be1c3b813d9b8196ce7ed713e0cd613c27b191e4493e20
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 06dc227dbbce5af65847008605180aeaa04927a10a6eac253831f96ecb3b425c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c55015ada0b7aef8c3be1c3b813d9b8196ce7ed713e0cd613c27b191e4493e20
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8511EE316083456AC719FF60DC429BEBBA4AFD1370F44542DF286030A2CFB98A0AF712
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00F9D501
                                                                                                                                                                                                                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00F9D50F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00F9D52F
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F9D5DC
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2ebc3bda44476cb4995eaabe391839b9d0b2850b133ccec874c7adc05233b6f6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b480a7dcbcd31ad065d48cf73f78da5fd6c4033d5d583559a1c02ec4f9b1769d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2ebc3bda44476cb4995eaabe391839b9d0b2850b133ccec874c7adc05233b6f6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C53193711083009FD700EF54CC81AAFBBE8EFD9364F54092DF585871A1EBB19949EB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9DBBE Relevance: 6.0, APIs: 4, Instructions: 29filestringCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00F75222), ref: 00F9DBCE
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00F9DBDD
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00F9DBEE
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00F9DBFA
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 75fffdaff9b0ad083fba0081a6501b32186d731eaa8d14ec11aadfb397bc611d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8d47973c52c62b1c523973df89bb50420c6e60a374bc1d33ebbc8db4de432834
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75fffdaff9b0ad083fba0081a6501b32186d731eaa8d14ec11aadfb397bc611d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF0E531810918579B206F7CEE0ECAA776C9E01334B244702F83AC30F0EBB05D55EAD5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8D21C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d40b073e54bc2aa37d24d9c43ed005dfb1834f2e07e27fff0907c3f6b23d0bac
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 31203d498f5cfe12c2427302e164e10b8d4915e3da72cbf3302a72d895cd4282
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d40b073e54bc2aa37d24d9c43ed005dfb1834f2e07e27fff0907c3f6b23d0bac
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80D06262C49119F9CB50BAD4DD4AEF9B77CEF59341F508452FD0AD2080D628D5487761
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F54CE8 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00F628E9,?,00F54CBE,00F628E9,00FF88B8,0000000C,00F54E15,00F628E9,00000002,00000000,?,00F628E9), ref: 00F54D09
                                                                                                                                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00F54CBE,00F628E9,00FF88B8,0000000C,00F54E15,00F628E9,00000002,00000000,?,00F628E9), ref: 00F54D10
                                                                                                                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00F54D22
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 570357bd04352184225b5c1956ea6cc634ad48091d85f4c342d496ede00e59a4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8eed791bf6e56a8e43d58c724d6483611a38a1c6b5fa293ec39c1b3ceaf7f569
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 570357bd04352184225b5c1956ea6cc634ad48091d85f4c342d496ede00e59a4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFE0B631800148ABCF11AF54EE0AE583B79FB41796B144018FD098B122CB3AED86EA90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8D27A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetUserNameW.ADVAPI32(?,?), ref: 00F8D28C
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3fa63bfafea569ae8f68cd65697c7dec05111c013a0c5c4c7c9d7ecfd28ccd59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8affc8792f5aa33faeba8ff73963a464c8ab88c62b45b373dcb90dfedea52fe6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fa63bfafea569ae8f68cd65697c7dec05111c013a0c5c4c7c9d7ecfd28ccd59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36D0CAB680112DEACB94DBA0EC89EDAB7BCBB04305F100292F50AE2040DB309648AF20
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBAFF9 Relevance: 24.4, APIs: 16, Instructions: 418processCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 0 fbaff9-fbb056 call f52340 3 fbb058-fbb06b call f3b567 0->3 4 fbb094-fbb098 0->4 12 fbb0c8 3->12 13 fbb06d-fbb092 call f3b567 * 2 3->13 6 fbb09a-fbb0bb call f3b567 * 2 4->6 7 fbb0dd-fbb0e0 4->7 29 fbb0bf-fbb0c4 6->29 9 fbb0e2-fbb0e5 7->9 10 fbb0f5-fbb119 call f37510 call f37620 7->10 14 fbb0e8-fbb0ed call f3b567 9->14 31 fbb1d8-fbb1e0 10->31 32 fbb11f-fbb178 call f37510 call f37620 call f37510 call f37620 call f37510 call f37620 10->32 17 fbb0cb-fbb0cf 12->17 13->29 14->10 23 fbb0d9-fbb0db 17->23 24 fbb0d1-fbb0d7 17->24 23->7 23->10 24->14 29->7 33 fbb0c6 29->33 36 fbb20a-fbb238 GetCurrentDirectoryW call f4fe0b GetCurrentDirectoryW 31->36 37 fbb1e2-fbb1fd call f37510 call f37620 31->37 82 fbb17a-fbb195 call f37510 call f37620 32->82 83 fbb1a6-fbb1d6 GetSystemDirectoryW call f4fe0b GetSystemDirectoryW 32->83 33->17 45 fbb23c 36->45 37->36 53 fbb1ff-fbb208 call f54963 37->53 48 fbb240-fbb244 45->48 51 fbb246-fbb270 call f39c6e * 3 48->51 52 fbb275-fbb285 call fa00d9 48->52 51->52 62 fbb28b-fbb2e1 call fa07c0 call fa06e6 call fa05a7 52->62 63 fbb287-fbb289 52->63 53->36 53->52 66 fbb2ee-fbb2f2 62->66 98 fbb2e3 62->98 63->66 71 fbb39a-fbb3be CreateProcessW 66->71 72 fbb2f8-fbb321 call f911c8 66->72 76 fbb3c1-fbb3d4 call f4fe14 * 2 71->76 87 fbb32a call f914ce 72->87 88 fbb323-fbb328 call f91201 72->88 103 fbb42f-fbb43d CloseHandle 76->103 104 fbb3d6-fbb3e8 76->104 82->83 105 fbb197-fbb1a0 call f54963 82->105 83->45 97 fbb32f-fbb33c call f54963 87->97 88->97 113 fbb33e-fbb345 97->113 114 fbb347-fbb357 call f54963 97->114 98->66 107 fbb43f-fbb444 103->107 108 fbb49c 103->108 109 fbb3ea 104->109 110 fbb3ed-fbb3fc 104->110 105->48 105->83 115 fbb451-fbb456 107->115 116 fbb446-fbb44c CloseHandle 107->116 111 fbb4a0-fbb4a4 108->111 109->110 117 fbb3fe 110->117 118 fbb401-fbb42a GetLastError call f3630c call f3cfa0 110->118 120 fbb4b2-fbb4bc 111->120 121 fbb4a6-fbb4b0 111->121 113->113 113->114 136 fbb359-fbb360 114->136 137 fbb362-fbb372 call f54963 114->137 124 fbb458-fbb45e CloseHandle 115->124 125 fbb463-fbb468 115->125 116->115 117->118 127 fbb4e5-fbb4f6 call fa0175 118->127 128 fbb4be 120->128 129 fbb4c4-fbb4e3 call f3cfa0 CloseHandle 120->129 121->127 124->125 131 fbb46a-fbb470 CloseHandle 125->131 132 fbb475-fbb49a call fa09d9 call fbb536 125->132 128->129 129->127 131->132 132->111 136->136 136->137 146 fbb37d-fbb398 call f4fe14 * 3 137->146 147 fbb374-fbb37b 137->147 146->76 147->146 147->147
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FBB198
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00FBB1B0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00FBB1D4
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FBB200
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00FBB214
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00FBB236
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FBB332
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FA05A7: GetStdHandle.KERNEL32(000000F6), ref: 00FA05C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FBB34B
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FBB366
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00FBB3B6
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00FBB407
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00FBB439
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FBB44A
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FBB45C
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FBB46E
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00FBB4E3
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1ebbf0ea4533d7f526ce425f16b563ae9a068d7f9e2fa20eb9b5b54307557e98
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6ab12c387c357484ad5410bcbe329366d93a58aa8c4e0962813b340e5e65857e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ebbf0ea4533d7f526ce425f16b563ae9a068d7f9e2fa20eb9b5b54307557e98
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10F19F719083409FC714EF25C891B6EBBE1AF85324F18855DF8998B2A2CB75EC44EF52
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3D730 Relevance: 21.6, APIs: 14, Instructions: 624windowsleeptimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetInputState.USER32 ref: 00F3D807
                                                                                                                                                                                                                                                                                                                                                                                                                  • timeGetTime.WINMM ref: 00F3DA07
                                                                                                                                                                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F3DB28
                                                                                                                                                                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00F3DB7B
                                                                                                                                                                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00F3DB89
                                                                                                                                                                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F3DB9F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00F3DBB1
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fcf0d50be4fe370bb5e020c776f2201a885d930deba10aa50134a406c06a4433
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aaacc5dfc895d87314675e65a416cc66ea18f6ea4d85b9c53e1aab06f82718de
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcf0d50be4fe370bb5e020c776f2201a885d930deba10aa50134a406c06a4433
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4421231A08341DFD729DF24D884BAABBE0FF85324F14465DE89687291D779E844FB82
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F32CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00F32D07
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegisterClassExW.USER32(00000030), ref: 00F32D31
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F32D42
                                                                                                                                                                                                                                                                                                                                                                                                                  • InitCommonControlsEx.COMCTL32(?), ref: 00F32D5F
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F32D6F
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadIconW.USER32(000000A9), ref: 00F32D85
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F32D94
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 802c25cefd9cdd853e79b0c48f254e529e5763393423b15a69e23185a39db160
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bc9cf779ac6d22711aeb623701922bf92e7c203ce22372a7fcb07c0e9c706fdd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 802c25cefd9cdd853e79b0c48f254e529e5763393423b15a69e23185a39db160
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB21EFB1D41308AFDB11DFA4E98AB9DBBB4FB08700F00811AFA55A7290D7BA85449F91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F7065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 457 f7065b-f7068b call f7042f 460 f706a6-f706b2 call f65221 457->460 461 f7068d-f70698 call f5f2c6 457->461 467 f706b4-f706c9 call f5f2c6 call f5f2d9 460->467 468 f706cb-f70714 call f7039a 460->468 466 f7069a-f706a1 call f5f2d9 461->466 478 f7097d-f70983 466->478 467->466 476 f70716-f7071f 468->476 477 f70781-f7078a GetFileType 468->477 480 f70756-f7077c GetLastError call f5f2a3 476->480 481 f70721-f70725 476->481 482 f707d3-f707d6 477->482 483 f7078c-f707bd GetLastError call f5f2a3 CloseHandle 477->483 480->466 481->480 487 f70727-f70754 call f7039a 481->487 485 f707df-f707e5 482->485 486 f707d8-f707dd 482->486 483->466 494 f707c3-f707ce call f5f2d9 483->494 490 f707e9-f70837 call f6516a 485->490 491 f707e7 485->491 486->490 487->477 487->480 500 f70847-f7086b call f7014d 490->500 501 f70839-f70845 call f705ab 490->501 491->490 494->466 506 f7087e-f708c1 500->506 507 f7086d 500->507 501->500 508 f7086f-f70879 call f686ae 501->508 510 f708c3-f708c7 506->510 511 f708e2-f708f0 506->511 507->508 508->478 510->511 513 f708c9-f708dd 510->513 514 f708f6-f708fa 511->514 515 f7097b 511->515 513->511 514->515 516 f708fc-f7092f CloseHandle call f7039a 514->516 515->478 519 f70963-f70977 516->519 520 f70931-f7095d GetLastError call f5f2a3 call f65333 516->520 519->515 520->519
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F7039A: CreateFileW.KERNEL32(00000000,00000000,?,00F70704,?,?,00000000,?,00F70704,00000000,0000000C), ref: 00F703B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F7076F
                                                                                                                                                                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00F70776
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(00000000), ref: 00F70782
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F7078C
                                                                                                                                                                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00F70795
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F707B5
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F708FF
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F70931
                                                                                                                                                                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00F70938
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fcc1eeb2a9753278cf998d619bf9290162a5f14c621780bbcee1e98cde91ff4b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4aec7dbcd386d61b678fe6049ff4b85c65e0f7bdc02ccffec7d745c14f64a1d0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcc1eeb2a9753278cf998d619bf9290162a5f14c621780bbcee1e98cde91ff4b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15A12732A101488FDF19AF68DC51BAD3BA0AF46320F14815EF8599B391DB359C17EB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01001418,?,00F32E7F,?,?,?,00000000), ref: 00F33A78
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F33379
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00F3356A
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00F7318D
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00F731CE
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00F73210
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F73277
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F73286
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a343c210a67250ddacd6118b5f974025064d7779da6d527e7945bee2602def95
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 815a572f4d887de613ad4c38b979fc2d12872018d7f32451026ac883e5606527
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a343c210a67250ddacd6118b5f974025064d7779da6d527e7945bee2602def95
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3171E3714083019EC315EF25DC86D5BBBE8FF84350F40882EF589D31A5EB799A48EB52
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F32B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00F32B8E
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00F32B9D
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00F32BB3
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadIconW.USER32(000000A4), ref: 00F32BC5
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadIconW.USER32(000000A2), ref: 00F32BD7
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00F32BEF
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegisterClassExW.USER32(?), ref: 00F32C40
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32CD4: GetSysColorBrush.USER32(0000000F), ref: 00F32D07
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32CD4: RegisterClassExW.USER32(00000030), ref: 00F32D31
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F32D42
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32CD4: InitCommonControlsEx.COMCTL32(?), ref: 00F32D5F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F32D6F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32CD4: LoadIconW.USER32(000000A9), ref: 00F32D85
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F32D94
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 81bfc708a1ed330c6bf990dc081238a5c50aa820fac619a40720dbfe4399ca15
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 01c68936d0e0e64f103438c93bb2f37c41aa85e246aa7d053951dd92085c4737
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81bfc708a1ed330c6bf990dc081238a5c50aa820fac619a40720dbfe4399ca15
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75214970E00318ABDB229FA5ED49BA97FF5FB48B50F04801AF644A7694D7BA8540DF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F33170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 598 f33170-f33185 599 f33187-f3318a 598->599 600 f331e5-f331e7 598->600 602 f331eb 599->602 603 f3318c-f33193 599->603 600->599 601 f331e9 600->601 604 f331d0-f331d8 DefWindowProcW 601->604 605 f331f1-f331f6 602->605 606 f72dfb-f72e23 call f318e2 call f4e499 602->606 607 f33265-f3326d PostQuitMessage 603->607 608 f33199-f3319e 603->608 609 f331de-f331e4 604->609 611 f331f8-f331fb 605->611 612 f3321d-f33244 SetTimer RegisterWindowMessageW 605->612 641 f72e28-f72e2f 606->641 610 f33219-f3321b 607->610 614 f331a4-f331a8 608->614 615 f72e7c-f72e90 call f9bf30 608->615 610->609 617 f33201-f3320f KillTimer call f330f2 611->617 618 f72d9c-f72d9f 611->618 612->610 620 f33246-f33251 CreatePopupMenu 612->620 621 f331ae-f331b3 614->621 622 f72e68-f72e72 call f9c161 614->622 615->610 634 f72e96 615->634 638 f33214 call f33c50 617->638 626 f72dd7-f72df6 MoveWindow 618->626 627 f72da1-f72da5 618->627 620->610 623 f72e4d-f72e54 621->623 624 f331b9-f331be 621->624 639 f72e77 622->639 623->604 637 f72e5a-f72e63 call f90ad7 623->637 632 f33253-f33263 call f3326f 624->632 633 f331c4-f331ca 624->633 626->610 635 f72da7-f72daa 627->635 636 f72dc6-f72dd2 SetFocus 627->636 632->610 633->604 633->641 634->604 635->633 642 f72db0-f72dc1 call f318e2 635->642 636->610 637->604 638->610 639->610 641->604 646 f72e35-f72e48 call f330f2 call f33837 641->646 642->610 646->604
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00F3316A,?,?), ref: 00F331D8
                                                                                                                                                                                                                                                                                                                                                                                                                  • KillTimer.USER32(?,00000001,?,?,?,?,?,00F3316A,?,?), ref: 00F33204
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F33227
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00F3316A,?,?), ref: 00F33232
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00F33246
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostQuitMessage.USER32(00000000), ref: 00F33267
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c2427596567a8ea4b010e6ed8bc190b683e7e2764f113a03dfee431247d47b85
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c5f0ff3d44bf6a227ba1601ebb7119335279ea7b3fd5110b2a4c083569cbd2c5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2427596567a8ea4b010e6ed8bc190b683e7e2764f113a03dfee431247d47b85
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48412C32E44204ABEB25AB78DD0EB7A3755FB05370F044119F54AC62D1CB79CE40B7A1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F31410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 654 f31410-f31449 655 f3144f-f31465 mciSendStringW 654->655 656 f724b8-f724b9 DestroyWindow 654->656 657 f316c6-f316d3 655->657 658 f3146b-f31473 655->658 659 f724c4-f724d1 656->659 661 f316d5-f316f0 UnregisterHotKey 657->661 662 f316f8-f316ff 657->662 658->659 660 f31479-f31488 call f3182e 658->660 666 f724d3-f724d6 659->666 667 f72500-f72507 659->667 675 f7250e-f7251a 660->675 676 f3148e-f31496 660->676 661->662 664 f316f2-f316f3 call f310d0 661->664 662->658 665 f31705 662->665 664->662 665->657 668 f724e2-f724e5 FindClose 666->668 669 f724d8-f724e0 call f36246 666->669 667->659 672 f72509 667->672 674 f724eb-f724f8 668->674 669->674 672->675 674->667 678 f724fa-f724fb call fa32b1 674->678 681 f72524-f7252b 675->681 682 f7251c-f7251e FreeLibrary 675->682 679 f72532-f7253f 676->679 680 f3149c-f314c1 call f3cfa0 676->680 678->667 683 f72566-f7256d 679->683 684 f72541-f7255e VirtualFree 679->684 692 f314c3 680->692 693 f314f8-f31503 CoUninitialize 680->693 681->675 687 f7252d 681->687 682->681 683->679 689 f7256f 683->689 684->683 688 f72560-f72561 call fa3317 684->688 687->679 688->683 694 f72574-f72578 689->694 695 f314c6-f314f6 call f31a05 call f319ae 692->695 693->694 696 f31509-f3150e 693->696 694->696 699 f7257e-f72584 694->699 695->693 697 f31514-f3151e 696->697 698 f72589-f72596 call fa32eb 696->698 701 f31707-f31714 call f4f80e 697->701 702 f31524-f315a5 call f3988f call f31944 call f317d5 call f4fe14 call f3177c call f3988f call f3cfa0 call f317fe call f4fe14 697->702 712 f72598 698->712 699->696 701->702 715 f3171a 701->715 717 f7259d-f725bf call f4fdcd 702->717 743 f315ab-f315cf call f4fe14 702->743 712->717 715->701 722 f725c1 717->722 725 f725c6-f725e8 call f4fdcd 722->725 731 f725ea 725->731 734 f725ef-f72611 call f4fdcd 731->734 741 f72613 734->741 744 f72618-f72625 call f964d4 741->744 743->725 750 f315d5-f315f9 call f4fe14 743->750 749 f72627 744->749 752 f7262c-f72639 call f4ac64 749->752 750->734 755 f315ff-f31619 call f4fe14 750->755 758 f7263b 752->758 755->744 760 f3161f-f31643 call f317d5 call f4fe14 755->760 761 f72640-f7264d call fa3245 758->761 760->752 769 f31649-f31651 760->769 768 f7264f 761->768 771 f72654-f72661 call fa32cc 768->771 769->761 770 f31657-f31675 call f3988f call f3190a 769->770 770->771 780 f3167b-f31689 770->780 776 f72663 771->776 779 f72668-f72675 call fa32cc 776->779 785 f72677 779->785 780->779 782 f3168f-f316c5 call f3988f * 3 call f31876 780->782 785->785
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00F31459
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoUninitialize.COMBASE ref: 00F314F8
                                                                                                                                                                                                                                                                                                                                                                                                                  • UnregisterHotKey.USER32(?), ref: 00F316DD
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00F724B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00F7251E
                                                                                                                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F7254B
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1056390845aaeb26e45c69d09e900d648b1093add5408f9e32d2c0f76060a938
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 98cc149dda759772c176dfb8e06b24e6958e4f2fda640995b777aea3469ffa16
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1056390845aaeb26e45c69d09e900d648b1093add5408f9e32d2c0f76060a938
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4D15D31B01212CFCB19EF15C995B29F7A4BF05720F1482AEE44E6B252DB31AD16EF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 793 f9de27-f9de4a WSAStartup 794 f9de50-f9de71 gethostname gethostbyname 793->794 795 f9dee6-f9def2 call f54983 793->795 794->795 796 f9de73-f9de7a 794->796 803 f9def3-f9def6 795->803 798 f9de7c-f9de81 796->798 799 f9de83-f9de85 796->799 798->798 798->799 801 f9de87-f9de94 call f54983 799->801 802 f9de96-f9dedb call f50e20 inet_ntoa call f5d5f0 call f9ebd1 call f54983 call f4fe14 799->802 808 f9dede-f9dee4 WSACleanup 801->808 802->808 808->803
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 40dd2cff8493696b160659c8b60776f96a9d1f20660292fc3de6747e13665ac3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d34fa532e441afb71486a62143c4ec39690239e0a56ebedc6d9167006e734e9e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40dd2cff8493696b160659c8b60776f96a9d1f20660292fc3de6747e13665ac3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4113671800109ABDF24BB60DC0BEEF37ACDF10721F110169F50997091EF749A84BAA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3DFD0 Relevance: 11.9, APIs: 2, Strings: 4, Instructions: 1414COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: D%$D%$D%$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2018361425
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c96a7228ff79c746c8e337d0f5d509e4fe4ded5c76793955e29bcf614bd0cff5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a5eb76c4e12bc420e039ac34270e87f7d861c045b600fa5eff44a40a76ae875d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c96a7228ff79c746c8e337d0f5d509e4fe4ded5c76793955e29bcf614bd0cff5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AC29A75E00205CFCB24DF58C880BADBBB1BF09720F248169E956AB3A1D375ED41EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3EC40 Relevance: 11.7, APIs: 3, Strings: 3, Instructions: 1195COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00F3FE66
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: D%$D%$D%
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1385522511-327635866
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c31e89bb5bc819c3c08cbbd20da675404f1302ecf5e71c9eed271af0ed44bd57
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c26441eb1838366409ffe387876520dbac6dbc1fd0ea2986f12ac62c1ada9d1e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c31e89bb5bc819c3c08cbbd20da675404f1302ecf5e71c9eed271af0ed44bd57
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64B27B75A08341CFDB24DF18C480B2AB7E1BF99324F14486DE8869B391D775EC49EB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F32C63 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 1780 f32c63-f32cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F32C91
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F32CB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F31CAD,?), ref: 00F32CC6
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F31CAD,?), ref: 00F32CCF
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 743494b336d9ed288f5c775bc16d447da13ae7af1139d9014825c01b9ba89c9a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b58460a7cbc9aef68230e081788b9d6b156555e26e332d7a2c44d0d173499371
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 743494b336d9ed288f5c775bc16d447da13ae7af1139d9014825c01b9ba89c9a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BF0F4755403947AEB320713AC09E673FBDD7C6F50F00801AF904A3594C67A8840EAB0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F33B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 1931 f33b1c-f33b27 1932 f33b99-f33b9b 1931->1932 1933 f33b29-f33b2e 1931->1933 1935 f33b8c-f33b8f 1932->1935 1933->1932 1934 f33b30-f33b48 RegOpenKeyExW 1933->1934 1934->1932 1936 f33b4a-f33b69 RegQueryValueExW 1934->1936 1937 f33b80-f33b8b RegCloseKey 1936->1937 1938 f33b6b-f33b76 1936->1938 1937->1935 1939 f33b90-f33b97 1938->1939 1940 f33b78-f33b7a 1938->1940 1941 f33b7e 1939->1941 1940->1941 1941->1937
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00F33B0F,SwapMouseButtons,00000004,?), ref: 00F33B40
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00F33B0F,SwapMouseButtons,00000004,?), ref: 00F33B61
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00F33B0F,SwapMouseButtons,00000004,?), ref: 00F33B83
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dbfccbd7bb190fe72e55d26ab593666458a59fcfaa1b1fac2a756e657481d8aa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 47edc4b4aca99d0688dca13a0d45693a358ac06bd91461119ad2a9b55d091165
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbfccbd7bb190fe72e55d26ab593666458a59fcfaa1b1fac2a756e657481d8aa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94112AB5910208FFDB20CFA5DC45EAEBBB8EF44764F104459E805D7110D2319E40A7A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8D3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                  control_flow_graph 1942 f8d3a0-f8d3a9 1943 f8d3ab-f8d3b7 1942->1943 1944 f8d376-f8d37b 1942->1944 1946 f8d3c9 1943->1946 1947 f8d3b9-f8d3c7 GetProcAddress 1943->1947 1945 f8d292-f8d2a8 1944->1945 1951 f8d2a9 1945->1951 1948 f8d3ce-f8d3de 1946->1948 1947->1946 1947->1948 1948->1945 1952 f8d3e4-f8d3eb FreeLibrary 1948->1952 1951->1951 1952->1945
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00F8D3BF
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32 ref: 00F8D3E5
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d27686f5e2e605ed7376e409a77e64eabd7294ef8a0285a6022128f787e478d3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 172dc952ed4a04bd7e07173994fe51fc9cdf407a610ba4be07aa4342d8d01dc6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d27686f5e2e605ed7376e409a77e64eabd7294ef8a0285a6022128f787e478d3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6F0AB33C02622EBD33232118C59FE9B310AF00701F598119F80AE30C5DB20CD40B3C2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F33923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F733A2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F33A04
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: df795f09f5ae5b05a43109a4548aff78c8edac5a1d32b563a38ab60df604e62b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e58e82c0a93e1d15113e30aaebaba8316aac6513067529aec5390da507c601bb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df795f09f5ae5b05a43109a4548aff78c8edac5a1d32b563a38ab60df604e62b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0631A171809304AAD725EB20DC46BEBB7D8AB40734F00852EF5D993195EF789A49E7C2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4FDDB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F50668
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F532A4: RaiseException.KERNEL32(?,?,?,00F5068A,?,01001444,?,?,?,?,?,?,00F5068A,00F31129,00FF8738,00F31129), ref: 00F53304
                                                                                                                                                                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00F50685
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 80441571289f3d7e1c6975dff51b947a22e28b31bbfcaeaa57c5f6a66a0daa32
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d9fb1766352749563eaaffeda941ace99746cba2c94947fb9640f5312614cc91
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80441571289f3d7e1c6975dff51b947a22e28b31bbfcaeaa57c5f6a66a0daa32
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07F0FF20D0020D738B00BAA8DC46D9E7B6C5E00361B604430BE18924A2EF75EA6EE991
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F310F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F31BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F31BF4
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F31BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00F31BFC
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F31BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F31C07
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F31BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F31C12
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F31BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00F31C1A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F31BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00F31C22
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F31B4A: RegisterWindowMessageW.USER32(00000004,?,00F312C4), ref: 00F31BA2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00F3136A
                                                                                                                                                                                                                                                                                                                                                                                                                  • OleInitialize.OLE32 ref: 00F31388
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000), ref: 00F724AB
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e5eba58962d92d6fd885036fa77e112eec3df271ac998e54bb9a91a41e2a6c6d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 81a72c640c90879aec6effd2fd86dccd6b513776203e2938ce6acf4b1a36e93c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5eba58962d92d6fd885036fa77e112eec3df271ac998e54bb9a91a41e2a6c6d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5071BDB4905201CFD3A6DF79E9456553AE0BB48352F58822EE0CADB299EB3BC601DF41
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9C161 Relevance: 4.6, APIs: 3, Instructions: 74timewindowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F33A04
                                                                                                                                                                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00F9C259
                                                                                                                                                                                                                                                                                                                                                                                                                  • KillTimer.USER32(?,00000001,?,?), ref: 00F9C261
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F9C270
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 67660d976181a47bbb4b6814d84d60b334618420d92e5f33747a27ac084b69be
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c3196a8fa1dc1d2094baca33cb9b2cbf763911a9584cd0ecff6c69912aab492d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67660d976181a47bbb4b6814d84d60b334618420d92e5f33747a27ac084b69be
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB31B171904384AFFF32CF648855BE6BBEC9F06708F00449AD6DE93241C3745A84DB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F686AE Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,?,?,00F685CC,?,00FF8CC8,0000000C), ref: 00F68704
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00F685CC,?,00FF8CC8,0000000C), ref: 00F6870E
                                                                                                                                                                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00F68739
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ae6c34b2ab1d96a6af72425d3ae1c45e694899c2026521aa74062b41aac3b9ec
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8e632763ae69413c292c10be25699593f16ae07c272cf332e6a3810d8ed8946a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ae6c34b2ab1d96a6af72425d3ae1c45e694899c2026521aa74062b41aac3b9ec
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17012B33E0566016D6356234EC46B7E775A4B81FF4F39031DF9589B1D2DEA68C83B290
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3DB38 Relevance: 4.5, APIs: 3, Instructions: 29windowsleepCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00F3DB7B
                                                                                                                                                                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00F3DB89
                                                                                                                                                                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F3DB9F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00F3DBB1
                                                                                                                                                                                                                                                                                                                                                                                                                  • TranslateAcceleratorW.USER32(?,?,?), ref: 00F81CC9
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: aa2f1693adabdb89abd8692b95dd8f3391ffaeb56c8e1a05e10def19344a1fac
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fb387f863d892dc310fef3ca8dd739ac643ebc079780d2bd04fbdffac928ba22
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa2f1693adabdb89abd8692b95dd8f3391ffaeb56c8e1a05e10def19344a1fac
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02F0FE31A443449BE730DB60DD8AFEA77BCFF85320F104A19E65A930C0DB34A549EB55
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F41310 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 531COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00F417F6
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e10b4b380c94643ac306ce5956adc97ad44d17113a239d9068f76780682935f8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 80d2b4b44797fbb8d0bcedbd3c31efa181f4132a16dd3bf9a4ab7ef42954fc0b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e10b4b380c94643ac306ce5956adc97ad44d17113a239d9068f76780682935f8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5229D70A083019FC714DF14C894B6ABBF1BF85314F18891DF89A8B3A1D775E885EB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F401E0 Relevance: 3.6, APIs: 2, Instructions: 643COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f136fc456baff123ecb7c822da6cc58964d13c68de243d8ef94403adb2fb9334
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d54b5588bf4ea4c931d6930b8b5d299bd70a85c354a71f1f92b0fc8d4a2bf003
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f136fc456baff123ecb7c822da6cc58964d13c68de243d8ef94403adb2fb9334
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5232F331A00605DFCB10EF54CC85BEEBBB1AF05720F148469ED16AB2A1DB75ED44EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F32DE3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetOpenFileNameW.COMDLG32(?), ref: 00F72C8C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F33A97,?,?,00F32E7F,?,?,?,00000000), ref: 00F33AC2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F32DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00F32DC4
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 863cb8aaea7b5bf0f6d10b248a8bb5d159ddda94a66d77e3397f2e01e58f8844
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f463f45a483bca0cf551e467205d2ee05d116a16dc0aabe6437f73c1fe522bfb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 863cb8aaea7b5bf0f6d10b248a8bb5d159ddda94a66d77e3397f2e01e58f8844
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2219671A0025C9BCB41EF94CC45BEE7BF8AF49324F00805AE505E7241DBB855899FA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8D363 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetComputerNameW.KERNEL32(?,?), ref: 00F8D375
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b35f7cec61004306cb7eea98fb2940cdaf7c17679afb829bcffebbe9f0286e15
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 870e19a40644cde96ede0e49a00b8fa46befefe85df458fb1aca994ba1d37f7c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b35f7cec61004306cb7eea98fb2940cdaf7c17679afb829bcffebbe9f0286e15
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1D0C9B680511CEACB94DB40EC89ED9B77CBF04305F504151F406A2040DB309548AB10
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F33837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F33908
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 94f9ae23708f68211df26f09975abe23c9fc523eddfcd5c97098700491d5b570
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e8bd2233c130f8bd63353a330dd5aad0015a9c5f13a37dc633a250dd8d97b386
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94f9ae23708f68211df26f09975abe23c9fc523eddfcd5c97098700491d5b570
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A331D271904300DFD721DF24D88579BBBE8FB49329F00092EF5D983280E775AA44DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4F645 Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • timeGetTime.WINMM ref: 00F4F661
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3D730: GetInputState.USER32 ref: 00F3D807
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00F8F2DE
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: abf55cbf258de86edfcb3a4826eba89e87d2a0166e59ade728f030927c76275c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 486d441f7cbffee5a2a903d14b0c267356eb6a8ffccddc99f4477b95fef9fcba
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: abf55cbf258de86edfcb3a4826eba89e87d2a0166e59ade728f030927c76275c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAF08C312402099FD350EF69D95AF6ABBE8EF45760F000029E95DC7261DB70A800EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3B710 Relevance: 2.1, APIs: 1, Instructions: 587COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00F3BB4E
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ce5b815e80daf09ce806075aaca37e419ce68b67fa406846759a3eb3e497f5b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 48ae8c3da0003a9da02a363342660632a55d129c0add9a41fbb4353a09707a3c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce5b815e80daf09ce806075aaca37e419ce68b67fa406846759a3eb3e497f5b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D532FD31E00209DFDB24DF54C8A8BBEB7B5EF44320F548059EA45AB251CB78ED45EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F34ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F34E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F34EDD,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34E9C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F34E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F34EAE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F34E90: FreeLibrary.KERNEL32(00000000,?,?,00F34EDD,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34EC0
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34EFD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F34E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F73CDE,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34E62
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F34E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F34E74
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F34E59: FreeLibrary.KERNEL32(00000000,?,?,00F73CDE,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34E87
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4dc47cfc9dfb025ca06bad3d9a1aa29f5d62b23b873076de0ef040d45e8df871
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 68660fb62f2bf9f7d39708997c0d09d5d1ff3b1832b52bb15a7fc5746620a706
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4dc47cfc9dfb025ca06bad3d9a1aa29f5d62b23b873076de0ef040d45e8df871
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A11E732600205AACB14BB74DD12FAD77A59F40B21F14842EF546AB1C1EE78FA45BB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F68402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f9bc575c94c84168df9a0bd83cccc896ef699e35affb92aece2257d3fb434347
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5c0fea0aca42c7e61c827e34b9f0990598741de2daf00f78a963b6f8c5584909
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9bc575c94c84168df9a0bd83cccc896ef699e35affb92aece2257d3fb434347
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A311487190410AAFCB05DF58E940ADA7BF4EF48310F104199F808AB302DA31DA22DBA5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F5E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 718d14819423378520daf09ab3ee4d0d422975cd17a89ab21a341648368bc2e1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21F02D32921E149AC7353A69CC05B5A37999F523B3F100715FE21931D1CB78D90AB9A5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F63820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,01001444,?,00F4FDF5,?,?,00F3A976,00000010,01001440,00F313FC,?,00F313C6,?,00F31129), ref: 00F63852
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 24842ec7ea6a4e9afa30148df44c0524b4cd87d4be9698ba5e3d336ec35b58aa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dc6557735bf64e6eb3b4105e41d3d008fa7eb09b7bd8ec4a657f5b3868883ed3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24842ec7ea6a4e9afa30148df44c0524b4cd87d4be9698ba5e3d336ec35b58aa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FE0653390122456E63126779D05BDA3749AB427B1F190121BD5597581DB25ED01B3E1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F34F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34F6D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 33a25b4b502a7275b2753ffae7623dec6568a4dc57d40ac17a102c82aba33ecc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3b33e3b2d7e9857f41b6cdf2e404f08509f960df77ed4508c4183fc80664881e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33a25b4b502a7275b2753ffae7623dec6568a4dc57d40ac17a102c82aba33ecc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDF01C71505751CFDB349F75D490912B7E4AF1433971889AEE1EA83611C731B844EF50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC2A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsWindow.USER32(00000000), ref: 00FC2A66
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d55a18783e5ab1b5e9e9519c159f259366b6f3be4e26b31b1b6054b16ab42b6d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3a520af7125baa2871b9879eaa9a16a2a6bdb8999a267821f7deeb08a3cacda0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d55a18783e5ab1b5e9e9519c159f259366b6f3be4e26b31b1b6054b16ab42b6d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5E0DF32750116AADB54EB34DD81EFA735CEB10390B00403AEC1AC2100DF389981B2E0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F330F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F3314E
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dc332e4bfa8b864fd79869db6d66787df4547169fc69de51f5894696f5f7a59e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b9e287af4f4bc4addac580b94d4748875d051ed9dfc28d8b4357ba15163a1916
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc332e4bfa8b864fd79869db6d66787df4547169fc69de51f5894696f5f7a59e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CF037709143189FE763DB24DC4A7D57BBCA701708F0041E5A68897185DB759788CF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F32DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00F32DC4
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1160767055506a78d41c8c47cadf9a53feee97ca3879741c0aa2bdbc8cb5e7f1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0bb9ea6d82c86d7bfa876251b671c2465bbcfd7f0818c69e262a37bd64e93781
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1160767055506a78d41c8c47cadf9a53feee97ca3879741c0aa2bdbc8cb5e7f1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CE0CD72A001245BC71092589C06FDA77DDDFC8790F054071FD0DD7248D964AD849691
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F32B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F33908
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3D730: GetInputState.USER32 ref: 00F3D807
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00F32B6B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F330F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F3314E
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9ce87d6a41c2e19cfefb18a27b9fff64756535b86563395e7ec453b2e617ba88
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7cba9fef76d9419a4c8eab5d41ce282b3e859ba8708b8b23bb77ac5f91907e7d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ce87d6a41c2e19cfefb18a27b9fff64756535b86563395e7ec453b2e617ba88
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54E0C23270824807CA09FB74AC529BDF7599BD5375F40153EF286831A3CF7D8A49A352
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9DF27 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00F9DF40
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c8dee805d8233c2db045931d6fe2ee48d773a6da3b34696395520b9f19b6ffbf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f6a89d0cfde65cc3ea4c3562a824e1b36eaa597f8233265340563ba6aaac6fe1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8dee805d8233c2db045931d6fe2ee48d773a6da3b34696395520b9f19b6ffbf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98D05EA2A002283BDF64E6749D0EDF77AACC780220F0046A1796DD3152E924DD448AF0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F7039A Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,00000000,?,00F70704,?,?,00000000,?,00F70704,00000000,0000000C), ref: 00F703B7
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7066e603521015cc981bc968a756a9999dd613e4e7d51e9b01758365827cb4c8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: db1040b6e8ae096eb3fe68a5d86efb09314944d89bf253344ea7627a283d06ff
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7066e603521015cc981bc968a756a9999dd613e4e7d51e9b01758365827cb4c8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDD06C3204010DBBDF028F85DD06EDA3BAAFB48714F014000FE1856020C732E821AB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F31CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00F31CBC
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3098949447-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 767ddd735556f1ac4fefac3ff07a24db44879abf47c7fa3025a9c78a82407216
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2c2704f0bd9474643d1bd0323a23434cc4b21109299ad972a0468de871746e72
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 767ddd735556f1ac4fefac3ff07a24db44879abf47c7fa3025a9c78a82407216
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2C09236280308EFF3268B80BD4FF107765A348B01F088401F68EAA5D7C7B76861EB94

                                                                                                                                                                                                                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC9576 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 625windowkeyboardCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00FC961A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00FC965B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00FC969F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FC96C9
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00FC96F2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00FC978B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(00000009), ref: 00FC9798
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00FC97AE
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(00000010), ref: 00FC97B8
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FC97E9
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00FC9810
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001030,?,00FC7E95), ref: 00FC9918
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00FC992E
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00FC9941
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCapture.USER32(?), ref: 00FC994A
                                                                                                                                                                                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00FC99AF
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00FC99BC
                                                                                                                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00FC99D6
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseCapture.USER32 ref: 00FC99E1
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00FC9A19
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00FC9A26
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 00FC9A80
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00FC9AAE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00FC9AEB
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00FC9B1A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00FC9B3B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00FC9B4A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00FC9B68
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00FC9B75
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00FC9B93
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001012,00000000,?), ref: 00FC9BFA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00FC9C2B
                                                                                                                                                                                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00FC9C84
                                                                                                                                                                                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00FC9CB4
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00FC9CDE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32 ref: 00FC9D01
                                                                                                                                                                                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00FC9D4E
                                                                                                                                                                                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00FC9D82
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49944: GetWindowLongW.USER32(?,000000EB), ref: 00F49952
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC9E05
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 569893073e6c0fda8e2cafa74a96301abfa8b215389fbe9f03484840085997dc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 03699eae7e643aabda349c6524a332903ed8f156269aaa4dd5dd64aa9a1c6343
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 569893073e6c0fda8e2cafa74a96301abfa8b215389fbe9f03484840085997dc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32428D31608206AFD725CF24CE4AFAABBE5FF48320F14061DF599872A1D7B1D950EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC4873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00FC48F3
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00FC4908
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00FC4927
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00FC494B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00FC495C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00FC497B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00FC49AE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00FC49D4
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00FC4A0F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00FC4A56
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00FC4A7E
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsMenu.USER32(?), ref: 00FC4A97
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FC4AF2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FC4B20
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC4B94
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00FC4BE3
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00FC4C82
                                                                                                                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00FC4CAE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FC4CC9
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 00FC4CF1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00FC4D13
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FC4D33
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 00FC4D5A
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c329faf2fc4b8d73611db7e6d76928d186f3cb76069c3e96a672636c323148c8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 569443d7e3f5b33a97ad315d7ecbf2645168d6d58de6cf60d25f3de2bf60de2f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c329faf2fc4b8d73611db7e6d76928d186f3cb76069c3e96a672636c323148c8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A512257190021AABEB248F24CE5AFAE7BF8EF45720F10411DF51ADB2E1D774A940EB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00F4F998
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F8F474
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsIconic.USER32(00000000), ref: 00F8F47D
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000009), ref: 00F8F48A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00F8F494
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F8F4AA
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F8F4B1
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F8F4BD
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 00F8F4CE
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001), ref: 00F8F4D6
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00F8F4DE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00F8F4E1
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8F4F6
                                                                                                                                                                                                                                                                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F8F501
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8F50B
                                                                                                                                                                                                                                                                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F8F510
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8F519
                                                                                                                                                                                                                                                                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F8F51E
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F8F528
                                                                                                                                                                                                                                                                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00F8F52D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00F8F530
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00F8F557
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 913ed849ed511c916dcac2ccfa4d350b5baa2547c7d3b5e7240978a1439ad566
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 66b94b354b41e1a1a33ae42bf411182ef4e4d23600a58afc0fbb8b98ad124024
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 913ed849ed511c916dcac2ccfa4d350b5baa2547c7d3b5e7240978a1439ad566
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8315071A4021CBEEB206BB55D4AFBF7E6CEB44B50F140426FA09EB1D1C6B15900BBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91201 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 241COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F9170D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F9173A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F916C3: GetLastError.KERNEL32 ref: 00F9174A
                                                                                                                                                                                                                                                                                                                                                                                                                  • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00F91286
                                                                                                                                                                                                                                                                                                                                                                                                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00F912A8
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F912B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00F912D1
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessWindowStation.USER32 ref: 00F912EA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetProcessWindowStation.USER32(00000000), ref: 00F912F4
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00F91310
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F911FC), ref: 00F910D4
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910BF: CloseHandle.KERNEL32(?,?,00F911FC), ref: 00F910E9
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 835e6ae6147812ec5e26b09be5caf9dae973781fb5520ffa2760b79ef815feb4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 534511dd67dbfaed8130fe2ad68ad1bc4081947cfdb4c9fe9fcdc7bfa6173b78
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 835e6ae6147812ec5e26b09be5caf9dae973781fb5520ffa2760b79ef815feb4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98819E71D0020AABEF10DFA8DD49FEE7BB9FF09714F044129FA14A61A0C7358954EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F90B62 Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F91114
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F91120
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F9112F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F91136
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F9114D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F90BCC
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F90C00
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00F90C17
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00F90C51
                                                                                                                                                                                                                                                                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F90C6D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00F90C84
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F90C8C
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00F90C93
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F90CB4
                                                                                                                                                                                                                                                                                                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00F90CBB
                                                                                                                                                                                                                                                                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F90CEA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F90D0C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F90D1E
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F90D45
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90D4C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F90D55
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90D5C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F90D65
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90D6C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00F90D78
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90D7F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91193: GetProcessHeap.KERNEL32(00000008,00F90BB1,?,00000000,?,00F90BB1,?), ref: 00F911A1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F90BB1,?), ref: 00F911A8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F90BB1,?), ref: 00F911B7
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fdc5efa5f37bb8cbe081b1409070b53ebbfce131e8420d66f424ef408294f2b0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2c5628d3e8a78c255399cba5f805be21554b4a02120895d2eb56ef3fe84ed4ca
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fdc5efa5f37bb8cbe081b1409070b53ebbfce131e8420d66f424ef408294f2b0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96715972D0020AAFEF109FA5DD45FAEBBBCBF04314F044515E918E7291DB75A905EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FAEAFF Relevance: 30.2, APIs: 20, Instructions: 191clipboardfileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(00FCCC08), ref: 00FAEB29
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 00FAEB37
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 00FAEB43
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00FAEB4F
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00FAEB87
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00FAEB91
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00FAEBBC
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 00FAEBC9
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 00FAEBD1
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00FAEBE2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00FAEC22
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000F), ref: 00FAEC38
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClipboardData.USER32(0000000F), ref: 00FAEC44
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00FAEC55
                                                                                                                                                                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00FAEC77
                                                                                                                                                                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00FAEC94
                                                                                                                                                                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00FAECD2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00FAECF3
                                                                                                                                                                                                                                                                                                                                                                                                                  • CountClipboardFormats.USER32 ref: 00FAED14
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00FAED59
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7ad2b238354473658119414eda9b9f1fbcc78891afb35a3d2ef01ef6013c0353
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 401867b89ef2be3a35334e9ce4f8fbcb2032bcdd99ec595356ace42521f577a0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ad2b238354473658119414eda9b9f1fbcc78891afb35a3d2ef01ef6013c0353
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50610175204306AFD300EF20CD89F6AB7A4AF85764F14441DF85A872A2CB71DD06EBA2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00FA69BE
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA6A12
                                                                                                                                                                                                                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00FA6A4E
                                                                                                                                                                                                                                                                                                                                                                                                                  • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00FA6A75
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00FA6AB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?), ref: 00FA6ADF
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 108612fb7c021735c0400c8c0b04df359be105cbc1a2cb29f6fbbf66184f9aad
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a4512fbb2d151209966a2b84d20d6ab7dc2a81c7b0999f1288b4cb6ef4112b2d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 108612fb7c021735c0400c8c0b04df359be105cbc1a2cb29f6fbbf66184f9aad
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFD185B2508304AFC314EBA0CD85EABB7ECAF89714F44491DF589D7151EB78DA04DB62
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00FA9663
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00FA96A1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 00FA96BB
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00FA96D3
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA96DE
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00FA96FA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA974A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00FF6B7C), ref: 00FA9768
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00FA9772
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA977F
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA978F
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fddc28b1b18f32b89e12057ec3f86f788145ae9278b4ee576d12a2d21aea8d3a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3e724c934f26e5c69ba7210438ba08ebd6a2ff2254e9da7aaadeaf3062dc6fe3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fddc28b1b18f32b89e12057ec3f86f788145ae9278b4ee576d12a2d21aea8d3a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E31E27290420D6ADF10EFB4ED09EEE77AC9F4A320F1040A5FA18E31A0DB74D944AE60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00FA97BE
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00FA9819
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA9824
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00FA9840
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA9890
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00FF6B7C), ref: 00FA98AE
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00FA98B8
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA98C5
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA98D5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00F9DB00
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b729705b0e19e12b443814714582942f4bc860658ee7b18565003aafd9071aed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 683f03b214e84b412490dfbb79b6152c1d8145e5db5689572f755bff1fff1463
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b729705b0e19e12b443814714582942f4bc860658ee7b18565003aafd9071aed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F31C37290421D6ADB10EFB4EC49EEE77AC9F47330F5041A5E914E30A0DBB8D945EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F33A97,?,?,00F32E7F,?,?,?,00000000), ref: 00F33AC2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9E199: GetFileAttributesW.KERNEL32(?,00F9CF95), ref: 00F9E19A
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00F9D122
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00F9D1DD
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00F9D1F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 00F9D20D
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F9D237
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00F9D21C,?,?), ref: 00F9D2B2
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,?,?), ref: 00F9D253
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00F9D264
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 93cedabef000a39a38fe3a00d352f22c9982e6571aec1978d63f8750e059673a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 895fff2caea2a56d673fd1de845b39729cbbdb5c94e15afb2e793249bd0fd341
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93cedabef000a39a38fe3a00d352f22c9982e6571aec1978d63f8750e059673a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB617C31C0510DAADF05EBE0CE929EDB7B5AF54320F704065E442B71A1EB78AF09EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FAED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f936661ce0d9d7d87428582a5f07f749d5c323930f3530bacf1f55a2be0a2600
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6b87a5878e411813d747dbac8365415b5949abe794322030a38a804b69c15d87
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f936661ce0d9d7d87428582a5f07f749d5c323930f3530bacf1f55a2be0a2600
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2941EC75604211AFE320CF25D989F19BBE0EF05329F05C09DE4198B662C735EC42EBD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F916C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F9170D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F916C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F9173A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F916C3: GetLastError.KERNEL32 ref: 00F9174A
                                                                                                                                                                                                                                                                                                                                                                                                                  • ExitWindowsEx.USER32(?,00000000), ref: 00F9E932
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8b2c127e45420fd496b25820c647ee7f388b6e2327181da1bf35342dbd00b877
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b1410a36289ed5971e17b6e3aee559f1343b4637550da814c13f20a0bf600ccb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b2c127e45420fd496b25820c647ee7f388b6e2327181da1bf35342dbd00b877
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6101D673E10215ABFF64A6B49D86FBB726CAB14760F150821FD03E31D1D9A55C40B1D0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB1204 Relevance: 12.1, APIs: 8, Instructions: 113networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00FB1276
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB1283
                                                                                                                                                                                                                                                                                                                                                                                                                  • bind.WSOCK32(00000000,?,00000010), ref: 00FB12BA
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB12C5
                                                                                                                                                                                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 00FB12F4
                                                                                                                                                                                                                                                                                                                                                                                                                  • listen.WSOCK32(00000000,00000005), ref: 00FB1303
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB130D
                                                                                                                                                                                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 00FB133C
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 69b3b0daaa46edfc03d0bbd8a1bf990f09bb794ba62f828967c76ad39a539a54
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8edb029f9820aa30f8cadd1204946c8129908ad36132d78382e1f93b45b9d465
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69b3b0daaa46edfc03d0bbd8a1bf990f09bb794ba62f828967c76ad39a539a54
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8641D131A001009FD710DF25C999B6ABBE5BF46328F588088E85A8F2D2C731EC81DFE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6B9D4
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6B9F8
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6BB7F
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00FD3700), ref: 00F6BB91
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0100121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00F6BC09
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,01001270,000000FF,?,0000003F,00000000,?), ref: 00F6BC36
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6BD4B
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c968522fc32de1074dfaae5d1c62ae8b94d11e8011ed2bb035524010526c5edf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4e4835fbaff68487cadf4a438c5823ced94d988e3e61becd841e7fa021d6ea0d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c968522fc32de1074dfaae5d1c62ae8b94d11e8011ed2bb035524010526c5edf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7C12872E04208AFDB21DF78CC41BAA7BB9EF41320F14419AE894D7242E7349E81E750
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F33A97,?,?,00F32E7F,?,?,?,00000000), ref: 00F33AC2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9E199: GetFileAttributesW.KERNEL32(?,00F9CF95), ref: 00F9E19A
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00F9D420
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?), ref: 00F9D470
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F9D481
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00F9D498
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00F9D4A1
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 16e5b4b157de8dd438049e9870f68b1f3f672f519cb3ae38a8c2e48c2a9a8f59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4684b7dbbdf799868627d98a0aab3a09d11fa2b9e2a0d0ee3be0098cea873a51
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16e5b4b157de8dd438049e9870f68b1f3f672f519cb3ae38a8c2e48c2a9a8f59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5331AE3140C3459BC704EF64DD929AFB7A8AE91324F504A1DF4D5931A1EB34EA09EBA3
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6E4FF Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fc7635dacc55c666b1f99923e768132e3c4a565d0d225f4c840f9764bec82cb6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6e9f9d183786c1314d3eefc0c32bea864f6d68523aef12fb186d5ec723408137
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc7635dacc55c666b1f99923e768132e3c4a565d0d225f4c840f9764bec82cb6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60C25D72E046288FDB25CF28DD407EAB7B5EB45315F1441EAD80EE7241E778AE85AF40
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA648E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 367comCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA64DC
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00FA6639
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00FCFCF8,00000000,00000001,00FCFB68,?), ref: 00FA6650
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00FA68D4
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a807a3e25635b64fe1b65b468b9535fb546300655e68038722060574964c9747
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 260c9c6e996505db9fbd9bde3f07dab6cb9d67b1c0d06f697b0399aaa6066e53
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a807a3e25635b64fe1b65b468b9535fb546300655e68038722060574964c9747
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8D149B1508301AFC314EF24C881A6BB7E8FF99714F04496DF595CB2A1EB74E909DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(?,?,00000000), ref: 00FB22E8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FAE4EC: GetWindowRect.USER32(?,?), ref: 00FAE504
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00FB2312
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00FB2319
                                                                                                                                                                                                                                                                                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00FB2355
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00FB2381
                                                                                                                                                                                                                                                                                                                                                                                                                  • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00FB23DF
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 04585feceee80c063956bbdcad973534db269b35056c5f27c130b63949e155bb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d313c1f98dbfdf9dcb920968b91fd3a18ff19216bc8e56dbaaba6f8340e1f867
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04585feceee80c063956bbdcad973534db269b35056c5f27c130b63949e155bb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6531BE72504319ABDB20DF55CC49F9BB7E9FF88310F040919F98997191DB34E909DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00FA9B78
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00FA9C8B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FA3874: GetInputState.USER32 ref: 00FA38CB
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FA3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FA3966
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00FA9BA8
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00FA9C75
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9dd74fb6eae7ee452db06a2875d77958681f175b8d1732b0ac1d5901921ca754
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2bf99127ac93f0e4897ea5a521d6af9ba03f46a13c2d1ff7eeb493589ee77eb2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dd74fb6eae7ee452db06a2875d77958681f175b8d1732b0ac1d5901921ca754
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1641B3B1D0860A9FCF14DFA4CD45AEE7BB4EF46320F104065E915A3191DB709E44EF60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,?,?,?,?), ref: 00F49A4E
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00F49B23
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00F49B36
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: db31dd9fc1accd064f11d40895757f1db21b6ef810f5592c50597c01dbad6590
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 339451f0320c5facff4b5e6b4148a86d8d17b4cee7d2b723625e697445a7cd91
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db31dd9fc1accd064f11d40895757f1db21b6ef810f5592c50597c01dbad6590
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99A1D67170C554AEE725BA288C49FBF3E9DDB82360F240209F902C6595CAADDE41F371
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB1806 Relevance: 7.7, APIs: 5, Instructions: 153networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FB304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00FB307A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FB304E: _wcslen.LIBCMT ref: 00FB309B
                                                                                                                                                                                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00FB185D
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB1884
                                                                                                                                                                                                                                                                                                                                                                                                                  • bind.WSOCK32(00000000,?,00000010), ref: 00FB18DB
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB18E6
                                                                                                                                                                                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 00FB1915
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fcc3d2ae6d6b87370b0ba4f01ea0bc22a9fedf2ee5207b2adc48c8d90dfe25c1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 24c6fd9b955d982b44c1d9fbaa13e3269262d48b75391c13e7f73230532a0965
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcc3d2ae6d6b87370b0ba4f01ea0bc22a9fedf2ee5207b2adc48c8d90dfe25c1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F351A375A00200AFDB10EF24C896F6A77E5AB44728F488458FA09AF3D3D775ED419BE1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 895c9e3bdcfdbea1a645644624f5e280842434bec937025d8586cffebc55cb6e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1640b8f4fd94a481fbd33643fd6fc65a1982e3c68eb92eb268071997955093bf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 895c9e3bdcfdbea1a645644624f5e280842434bec937025d8586cffebc55cb6e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB219131B402125FD720CF2AC986F667BA5FF86325F19805CE84A8B252C775D852EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F38060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ee52fa150b0d321bfdb7a40187e847aa1df6fa56cd09dbe25d69c2a65509f32b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ccb206e368d3a2de535de7a2017c52432a152b50cb44cab20740162e0ee78aa5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee52fa150b0d321bfdb7a40187e847aa1df6fa56cd09dbe25d69c2a65509f32b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BA29371E0061ACBDF24CF58C8417ADB7B1BF44760F2481AAE819A7385DB749D82EF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9AA57 Relevance: 6.1, APIs: 4, Instructions: 107keyboardwindowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00F9AAAC
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(00000080), ref: 00F9AAC8
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00F9AB36
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00F9AB88
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f5d18c84b19043642d570f376c1c0d9fa022b954b63eff00ee03375952a034cf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 84b26512794eea4bbef3bfcd3afc16b8fcbea11d98860e4f2d26e1f7e0b090a1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5d18c84b19043642d570f376c1c0d9fa022b954b63eff00ee03375952a034cf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59312430E40608AFFF358F698C05BFA7BA6AB84324F04421AF185921D1D7798981F7E2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FACE44 Relevance: 6.1, APIs: 4, Instructions: 75filenetworkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,00000400,?), ref: 00FACE89
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00FACEEA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000000), ref: 00FACEFE
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4fdcdeada9c955c20d6ce8d5213ac447a6dc19ecd271715da858741cb98082b5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b600487fd7936f17155f0743db1ac62cf8d19f33793b144bb68377d82d91f49a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fdcdeada9c955c20d6ce8d5213ac447a6dc19ecd271715da858741cb98082b5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43219DB1900305AFEB20DF65C989BA677F8EF41364F10442EE646D2151EB74EE08EBE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F98298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00F982AA
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ($|
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b89008f4417b8f35098534eb7a716b18104c028ae5402a510e907772fa53ea9e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0cdc97bb4d5d29443912151404a34bf28db9f072396bfb275a3c25cc152b1610
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b89008f4417b8f35098534eb7a716b18104c028ae5402a510e907772fa53ea9e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6324575A007059FDB28CF59C480A6AB7F0FF48760B15C46EE49ADB3A1EB70E942DB40
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00FA5CC1
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00FA5D17
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 00FA5D5F
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a614ca4c226039063227c987307baf6774a401d05ee485e5da96af14293e44d0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f02920a7837386bc3212e0bf5300015ba264873835c4f688e01561c97bd87b0b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a614ca4c226039063227c987307baf6774a401d05ee485e5da96af14293e44d0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6519AB5A046019FC714CF28C894E96B7E4FF4A324F14855DE99A8B3A2CB30ED05DF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F62622 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00F6271A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F62724
                                                                                                                                                                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00F62731
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cdf737d026b92135263f75efab4f4f6bcc9c507a7eb3e68a87698a4ad58b6377
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aa50f0e8ea0ae37ae49c27ff518e97c8f8771975117eb63e6f47ee331c601a5f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdf737d026b92135263f75efab4f4f6bcc9c507a7eb3e68a87698a4ad58b6377
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A131C474D0121C9BCB61DF64DD89BD8B7B8AF08310F5041EAE80CA7260EB349F859F84
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00FA51DA
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00FA5238
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 00FA52A1
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6359fc18905a1f505a57147ead1fffdae33d494a7169f398c26ac87118af7034
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 25308d00f9d389e5db33958872251870396adf2caadd8542dde3d59c72c643cc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6359fc18905a1f505a57147ead1fffdae33d494a7169f398c26ac87118af7034
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5313A75A00518DFDB00DF55D884EADBBB4FF49318F088099E809AB362DB35E856DBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F916C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00F50668
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00F50685
                                                                                                                                                                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F9170D
                                                                                                                                                                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F9173A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F9174A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eaefacc0eb2bee6254dd13b184ef2a986e4e27d19164b379ce1073b14e8831c3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1d73f5e0a609695443ed52554b5a6938f32c067dc32830fb674ef069f4d237cc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eaefacc0eb2bee6254dd13b184ef2a986e4e27d19164b379ce1073b14e8831c3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4011C4B2800309AFE7189F54DC86D6ABBB9FF44714B24852EE45A53241EB70BC419A60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F9D608
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00F9D645
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F9D650
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1fa91a21925db4634610c38ed7c7f2d9a9150e5d9e9e3b1ef4d52b183993a902
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 82710b4f6cba75c2fae74ca30833235fc0d938af2c221553868c2f7bda83094f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fa91a21925db4634610c38ed7c7f2d9a9150e5d9e9e3b1ef4d52b183993a902
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66115E75E05228BFEB108F95ED45FAFBBBCEB45B60F108115F908E7290D6704A059BE1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00F9168C
                                                                                                                                                                                                                                                                                                                                                                                                                  • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00F916A1
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeSid.ADVAPI32(?), ref: 00F916B1
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0529607bfb9d72f8595a7e4e500431417560792c2ffd438632801ec39053edff
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 203dfa4fc99da7a89ff49698e5287be191b9e1af6ca1893c29c269716ebed428
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0529607bfb9d72f8595a7e4e500431417560792c2ffd438632801ec39053edff
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19F0F471D9030DFBEF00DFE49D8AEAEBBBCFB08604F504565E901E2181E774AA449A94
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6C2A2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 270833cd5b4f7873a4319ef2df977e50a90b7396f046557c210f4245284dc2ea
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 66f71ef6834eeac5aed99a8aaa233a35d450e0dda62cc4ee3f0c67d30228740a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 270833cd5b4f7873a4319ef2df977e50a90b7396f046557c210f4245284dc2ea
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9413B729006196FCB24DFB9DC49EBB7778EB84314F504269F985D7280E6709D41DB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F5CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 53e11532cc5bffaa92608796a89bfb0d3eefd482cd5f151d3e5ad8e2eeb07810
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92022D71E002199FDF14CFA9C8806ADBBF1EF48325F25816AD91AE7380D731AA45DBD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 00FA6918
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00FA6961
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6e5a2ea2020aa0e1fa7b3ca92c6fd3114713f3c41d38b0dbf2c762599cf29d6f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b440da97c987798acfe0d4217469125397ef1408ad72631ca1f5205f208f438f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e5a2ea2020aa0e1fa7b3ca92c6fd3114713f3c41d38b0dbf2c762599cf29d6f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 391190756042009FC710DF29D889A16BBE5FF89328F19C699E4698F6A2CB34EC05DBD1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00FB4891,?,?,00000035,?), ref: 00FA37E4
                                                                                                                                                                                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00FB4891,?,?,00000035,?), ref: 00FA37F4
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e6fb443bbc6874027ea47ee164e6835f36383902ed750b087bc5e83f9d6b0f50
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 186bd173f8de30a037d8943a0a617b0de1436a2dbe76103e62f59a3658dbee96
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6fb443bbc6874027ea47ee164e6835f36383902ed750b087bc5e83f9d6b0f50
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AF0E5B16083292AE72057669C4DFEB3AAEEFC5771F000165F50DD3281D9A09904D6F0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9B226 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00F9B25D
                                                                                                                                                                                                                                                                                                                                                                                                                  • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00F9B270
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f70912de191e22726b971de77cc032a313982c01ba9d507813fc5c2cb273f007
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 095445b84ff9a808050496ba57074bbc00f0a1a0cbfd93a5eada5d0fa99c56fa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f70912de191e22726b971de77cc032a313982c01ba9d507813fc5c2cb273f007
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FF06D7180424DABEF058FA0C806BAE7BB0FF04305F00800AF955A6191C3798201AF94
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F910BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F911FC), ref: 00F910D4
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00F911FC), ref: 00F910E9
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 702f4e17d4a1116739f2ea1978b99408aa06157ab06152b438a371c400b01346
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 94ef9995e96c1322fdc4169d3f848e2dc2477998fda235c94d9ee14a8570df20
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 702f4e17d4a1116739f2ea1978b99408aa06157ab06152b438a371c400b01346
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FE04F32404600AEF7252B11FD06E737BA9FB04320B14882DF8AA814B1DB626C90FB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  • Variable is not of type 'Object'., xrefs: 00F80C40
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fd7bcc90d0a93469e72363f68b4605252d04a8237037aee9ab96e696531ab085
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 085123a96a1dbe96973f7ed86b3b036869eb82dbd4223379f0519aae45861312
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd7bcc90d0a93469e72363f68b4605252d04a8237037aee9ab96e696531ab085
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B832BE35D00218DBCF14EF94C885BEDB7B5BF05324F548059E806BB292DB79AD49EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6676B Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F66766,?,?,00000008,?,?,00F6FEFE,00000000), ref: 00F66998
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 59df2218c0b081d387816f73ea2a629e1059bff8c75c314c7d54a755f44f353c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 00b12ad79de2b50be961b6d601fee8a84e142033f36bbb95643e2300e9ddfcd6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59df2218c0b081d387816f73ea2a629e1059bff8c75c314c7d54a755f44f353c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14B12B32A10609DFD719CF28C48AB657BE0FF45364F298658E899CF2A2C735E991DB40
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 270566680d017628e8b518a002b3efb9227ba676a96b725a6ba5dfd5d088e012
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fb80c71abb233f13bcbf9e7b15aaaec826656c41d927b7e4368a4d5a816650f7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 270566680d017628e8b518a002b3efb9227ba676a96b725a6ba5dfd5d088e012
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8126071D002299BDB14DF58C8817EEBBB5FF48710F54819AE849EB252DB349E81EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FAEAA2 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • BlockInput.USER32(00000001), ref: 00FAEABD
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fef0bc0a11e18e4d4922d2d1ba156fe79f57e3f94747abed20775f4fcd4e0406
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a11397f7d31d0ebb43f08428c9c3635026f12abedef3f44a0f0e21c70bb6e7b2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fef0bc0a11e18e4d4922d2d1ba156fe79f57e3f94747abed20775f4fcd4e0406
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59E04F762002049FC710EF69D805E9AF7E9AF99770F00841AFD49DB351DB74EC40ABA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F509D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00F503EE), ref: 00F509DA
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5157a7beacb02eb715061046f38e2089e4fe336aa7a375b2a62594e3bcb19a7e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fada75bd749f0a14cee2ba4346b6865cfc1e244b74d9559c94e70a1662f1b379
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5157a7beacb02eb715061046f38e2089e4fe336aa7a375b2a62594e3bcb19a7e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F5781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7ca8006ddbb72bebf824a7218cef32f4ebfdd5efc998caa8230a32d7101dde20
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68516A72E0CB055BDB387528A85D7BF63859B12363F280509DF82D7692C619DE0EF361
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F66DD9 Relevance: .6, Instructions: 637COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4b7a73798764c0114fbf470992fa2e2ad1ec736c6baf2f5ad112361ec32afb16
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9ce41943db2bb6b3d906f9ecbe0288824c9628d047b7a2ade852174bd5917f8d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b7a73798764c0114fbf470992fa2e2ad1ec736c6baf2f5ad112361ec32afb16
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88324622D2AF414DD723A634CC22335634AAFB73D9F14C737F81AB59A5EB29C4836140
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4CC39 Relevance: .6, Instructions: 635COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4c02b9e24f49f6ad4655dc17f9fad17ea7c3f4830a75a66fb7b8cf8e57729b02
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 753009225e8c38a4174f339edfc0fc9569c3eb96040b52d9fb67618baa161ac5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c02b9e24f49f6ad4655dc17f9fad17ea7c3f4830a75a66fb7b8cf8e57729b02
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D320832E001558BDF28EF29C4D46FD7BA1EF45320F28856ADA599B291D234DD81FBE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F37920 Relevance: .6, Instructions: 563COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 256f7d3b7e000410f2aa3d4d4f36924b101d70c736f4369d219b15bde2772558
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e6a708b933df47b1ada736e8f6e7ce9b65109f61f0685da2893a61080ac4c913
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 256f7d3b7e000410f2aa3d4d4f36924b101d70c736f4369d219b15bde2772558
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF22E2B0E0460ADFDF14DF64C841BAEB7B5FF44320F208129E816A7291EB79AD14EB51
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F391C0 Relevance: .5, Instructions: 475COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0ec04b7e08bb5b3bdfad04f38e229801eba8c9b3f3c8d48c4df22d0a3d2f2012
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5feda049f2ab20929efd7eed60457e27b45a77e5447ca5741f2b497885658801
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ec04b7e08bb5b3bdfad04f38e229801eba8c9b3f3c8d48c4df22d0a3d2f2012
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E302C9B1E00109EBDF05DF54D841AAEBBB5FF48310F10816AE81A9B291EB75ED14EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F69EEE Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 183b1a66db54233ae572f645c5f14f8257c2ede333676d8de1ca35153c6a171a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c8d02267ac7aa0af9556d7be5a6ae5c0a6aa267f864302ac815fdca454af1fee
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 183b1a66db54233ae572f645c5f14f8257c2ede333676d8de1ca35153c6a171a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25B11120E2AF444DD32396398931336B75DAFBB2D5F92D31BFC2674D22EB2286835141
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F51C77 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8cab826f732e3b511f41c46b7e0c8a15c8c6172b9a10cb92c4d75a7c111c9462
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A29177339080A34ADB294639853567EFFF16A523B371A079DDDF2CA1C1EE10A95CF620
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F519B0 Relevance: .2, Instructions: 240COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9a22468c55fccbea025610127bad335e4c079c62c04e1f49bf4afe5371d5a7ea
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 759177736090A349DB2E427A857427DFFE16A923B331A079DD9F2CA1C1FD14A55CF620
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F57A4A Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fb0caf91f67bcedb3ed14278e37c6a83261d41d4c8386aaa09e8710d298fe3e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a1a9275cb07d36afcc7641ca0b947f7ffcdc2762c2cbdbc294570726c008b332
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb0caf91f67bcedb3ed14278e37c6a83261d41d4c8386aaa09e8710d298fe3e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45617831A0870966DA34B928BC99BBE3384DF81363F140919EF43DB295DA199E4FB315
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F57CA7 Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dbbaa452d3aaa45e5720b6d1cc5760d33cddaecc180d5e0053b8748e02df844c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f5d9c42dea02fc2af633262cefb09e8eb07d5e54e33c8bb89093d969778b7b00
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbbaa452d3aaa45e5720b6d1cc5760d33cddaecc180d5e0053b8748e02df844c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88619B31E0870957DA3879287C56BBF33A89F41763F100959EF43DB281EA16AD4FB251
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F51706 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 52ced95e8dffbc645951d4de2489d1e0430ec2f7b9a9ebba00e7f7988bb47f9d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D48156739090A309DB69423D853467EFFE17A923B371A079DD9F2CA1C1EE14A55CF620
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA2046 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4d0f79772ac88e6f2a3c1afb829d6d1061d357a38b5b19be355ecb2ba845e236
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 96f9727f363dc6c91deba2dc8c13041258782de077c4565a6ccaca3bdb7c763c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d0f79772ac88e6f2a3c1afb829d6d1061d357a38b5b19be355ecb2ba845e236
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6621B7727206118BD728CF79C92367E73E5AB54320F15862EE4A7C37C5DE7AA904DB80
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00FB2B30
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00FB2B43
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00FB2B52
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00FB2B6D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00FB2B74
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00FB2CA3
                                                                                                                                                                                                                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00FB2CB1
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2CF8
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00FB2D04
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00FB2D40
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2D62
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2D75
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2D80
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00FB2D89
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2D98
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00FB2DA1
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2DA8
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00FB2DB3
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2DC5
                                                                                                                                                                                                                                                                                                                                                                                                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,00FCFC38,00000000), ref: 00FB2DDB
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00FB2DEB
                                                                                                                                                                                                                                                                                                                                                                                                                  • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00FB2E11
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00FB2E30
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB2E52
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00FB303F
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 10556a92cca5b9ff756b9c5180eb3d51d234f9f5011ae7c713ead71d3e318f4d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e1cdc61f8c6ca3d39b99cba0674b06e384a9396d30d75ffe4e17439e92ca3be4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10556a92cca5b9ff756b9c5180eb3d51d234f9f5011ae7c713ead71d3e318f4d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2025071900209AFDB14DF65CD89EAE7BB9EF48720F048558F919AB2A1CB74DD01EF60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00FC712F
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00FC7160
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00FC716C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,000000FF), ref: 00FC7186
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00FC7195
                                                                                                                                                                                                                                                                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00FC71C0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000010), ref: 00FC71C8
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00FC71CF
                                                                                                                                                                                                                                                                                                                                                                                                                  • FrameRect.USER32(?,?,00000000), ref: 00FC71DE
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00FC71E5
                                                                                                                                                                                                                                                                                                                                                                                                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 00FC7230
                                                                                                                                                                                                                                                                                                                                                                                                                  • FillRect.USER32(?,?,?), ref: 00FC7262
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC7284
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: GetSysColor.USER32(00000012), ref: 00FC7421
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: SetTextColor.GDI32(?,?), ref: 00FC7425
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: GetSysColorBrush.USER32(0000000F), ref: 00FC743B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: GetSysColor.USER32(0000000F), ref: 00FC7446
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: GetSysColor.USER32(00000011), ref: 00FC7463
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00FC7471
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: SelectObject.GDI32(?,00000000), ref: 00FC7482
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: SetBkColor.GDI32(?,00000000), ref: 00FC748B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: SelectObject.GDI32(?,?), ref: 00FC7498
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00FC74B7
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00FC74CE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00FC74DB
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0df37990eeaea03e7c882081664771016d6fb26503ab24f4744182e836fb6289
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e55dcfcc280f93c5d21d12e0eeacc1eedb1c538e374d915b2179c4cbf6ad0353
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0df37990eeaea03e7c882081664771016d6fb26503ab24f4744182e836fb6289
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACA1AE72408306AFD700AF60DE4AF5B7BA9FB89320F140A19F966971E1D731E944EF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F48D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?,?), ref: 00F48E14
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001308,?,00000000), ref: 00F86AC5
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00F86AFE
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00F86F43
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F48F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F48BE8,?,00000000,?,?,?,?,00F48BBA,00000000,?), ref: 00F48FC5
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001053), ref: 00F86F7F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F86F96
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F86FAC
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F86FB7
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 534747d57075996d70dd1c6811cf67376ff5a4a82158f9f6b5e361a8fc5d032b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: feb7b183bce0b994a37ca0324ea98b18cc397280fc53e756ba12c4c4774e179e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 534747d57075996d70dd1c6811cf67376ff5a4a82158f9f6b5e361a8fc5d032b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4912AD31A00201EFDB25EF14C945BEABBE5FB45320F144469F999CB251CB36EC92EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000), ref: 00FB273E
                                                                                                                                                                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00FB286A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00FB28A9
                                                                                                                                                                                                                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00FB28B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00FB2900
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00FB290C
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00FB2955
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00FB2964
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00FB2974
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00FB2978
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00FB2988
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FB2991
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00FB299A
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00FB29C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,00000001), ref: 00FB29DD
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00FB2A1D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00FB2A31
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000404,00000001,00000000), ref: 00FB2A42
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00FB2A77
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00FB2A82
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00FB2A8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00FB2A97
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a19e29bf816f70cb41ff88a3ea916a11489904107cca888bc437343128d78804
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e1c11f037eb9c8d5df01b31244f52ecb49b458781bd7aaed6b9c39d3f5754524
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a19e29bf816f70cb41ff88a3ea916a11489904107cca888bc437343128d78804
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21B16FB1A00209AFEB24DF69CD4AFAE7BA9EB48710F148115F914E72D0DB74ED40DB94
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA4ADF Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 191COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00FA4AED
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,00FCCB68,?,\\.\,00FCCC08), ref: 00FA4BCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00FCCB68,?,\\.\,00FCCC08), ref: 00FA4D36
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ec71fc57c768452d7dbef71e11587e7680cdf96e33d4e9b3882fed144ccbd1c0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cb75527d09e51b625944fd92ccccae06e69da24c196a3c73379e7f64bd76f09f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec71fc57c768452d7dbef71e11587e7680cdf96e33d4e9b3882fed144ccbd1c0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B61A7B160520A9BCB04DF14CA81A7C77B0AF86760B244415F90AEB6A1DFF5FD41FB52
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC73E8 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 00FC7421
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00FC7425
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00FC743B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00FC7446
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(?), ref: 00FC744B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000011), ref: 00FC7463
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00FC7471
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00FC7482
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00FC748B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00FC7498
                                                                                                                                                                                                                                                                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 00FC74B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00FC74CE
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00FC74DB
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FC752A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00FC7554
                                                                                                                                                                                                                                                                                                                                                                                                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 00FC7572
                                                                                                                                                                                                                                                                                                                                                                                                                  • DrawFocusRect.USER32(?,?), ref: 00FC757D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000011), ref: 00FC758E
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00FC7596
                                                                                                                                                                                                                                                                                                                                                                                                                  • DrawTextW.USER32(?,00FC70F5,000000FF,?,00000000), ref: 00FC75A8
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00FC75BF
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00FC75CA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00FC75D0
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00FC75D5
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00FC75DB
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00FC75E5
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 66b09b92374ccb530ae05fdd4b6dfa3ae585a5bbe319e9767034e6d1b6c52e97
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e908876455d3fc1e72ba01ed9b9b6e6050f07d05821e18987fedec8a2a1730a6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66b09b92374ccb530ae05fdd4b6dfa3ae585a5bbe319e9767034e6d1b6c52e97
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC617D72D00219AFDF009FA4DD4AEEEBFB9EB08320F144515F919AB2A1D7719940EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00FC1128
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00FC113D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00FC1144
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC1199
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00FC11B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00FC11ED
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FC120B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00FC121D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,?), ref: 00FC1232
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00FC1245
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(00000000), ref: 00FC12A1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00FC12BC
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00FC12D0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00FC12E8
                                                                                                                                                                                                                                                                                                                                                                                                                  • MonitorFromPoint.USER32(?,?,00000002), ref: 00FC130E
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMonitorInfoW.USER32(00000000,?), ref: 00FC1328
                                                                                                                                                                                                                                                                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 00FC133F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000412,00000000), ref: 00FC13AA
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a4f9cdc81bda229b62aa4df36acd3fa0a26d646c16bde4ecd2eba6672ba65050
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8d3d0e814b6086cbe759c3f6f430da6540a252a9311d5c9846af09a7c2a4031d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a4f9cdc81bda229b62aa4df36acd3fa0a26d646c16bde4ecd2eba6672ba65050
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6B1AE71A08341AFD700DF64CA86F6ABBE4FF85314F00891CF9999B262C771E854EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00FC02E5
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC031F
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC0389
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC03F1
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC0475
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00FC04C5
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00FC0504
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4F9F2: _wcslen.LIBCMT ref: 00F4F9FD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F92258
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F9228A
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 900ce60f0df08c8473fa2818d8654438fb84af4b8314b2486984c18891e4bab9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e34901f884af73775bf8d2aa44d16970c76820ee47961d8c9da8684aba18c317
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 900ce60f0df08c8473fa2818d8654438fb84af4b8314b2486984c18891e4bab9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4E1BF31608302DBC718DF24CA52E2AB3E5BF88324F14495CF9969B2A5DB34ED46EB51
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F48891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F48968
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000007), ref: 00F48970
                                                                                                                                                                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F4899B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00F489A3
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 00F489C8
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00F489E5
                                                                                                                                                                                                                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00F489F5
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00F48A28
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00F48A3C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(00000000,000000FF), ref: 00F48A5A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00F48A76
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F48A81
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: GetCursorPos.USER32(?), ref: 00F49141
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: ScreenToClient.USER32(00000000,?), ref: 00F4915E
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: GetAsyncKeyState.USER32(00000001), ref: 00F49183
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: GetAsyncKeyState.USER32(00000002), ref: 00F4919D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTimer.USER32(00000000,00000000,00000028,00F490FC), ref: 00F48AA8
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0c4aa677535f616008b55b90d6f0303af727abd34236ad77e4e87d9bbea7e7e7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d5c0e65200ed7f1685416f8eb3243582e57b7ac08bcb8c487cef77a1fd711aeb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c4aa677535f616008b55b90d6f0303af727abd34236ad77e4e87d9bbea7e7e7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29B17B31A0020AAFDB14DFA8DD45FAE3BB5FB48714F104219FA19E7290DB74E941EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F90D8B Relevance: 31.7, APIs: 21, Instructions: 202memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F91114
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F91120
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F9112F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F91136
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F910F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F9114D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F90DF5
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F90E29
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00F90E40
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAce.ADVAPI32(?,00000000,?), ref: 00F90E7A
                                                                                                                                                                                                                                                                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F90E96
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 00F90EAD
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F90EB5
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00F90EBC
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F90EDD
                                                                                                                                                                                                                                                                                                                                                                                                                  • CopySid.ADVAPI32(00000000), ref: 00F90EE4
                                                                                                                                                                                                                                                                                                                                                                                                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F90F13
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F90F35
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F90F47
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F90F6E
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90F75
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F90F7E
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90F85
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F90F8E
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90F95
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00F90FA1
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F90FA8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91193: GetProcessHeap.KERNEL32(00000008,00F90BB1,?,00000000,?,00F90BB1,?), ref: 00F911A1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F90BB1,?), ref: 00F911A8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F90BB1,?), ref: 00F911B7
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9eb9af8f8a8ade3411cb128ef6c4ce60af3fd81f638c43bb7b7f3c399ce58ce7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a3fc36f41eb12a3c7a06c85312fe3eab98b7e6b9081018f0dc024f2268bb5177
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9eb9af8f8a8ade3411cb128ef6c4ce60af3fd81f638c43bb7b7f3c399ce58ce7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D714B7290020AAFEF209FA5DD45FAEBBB8FF04314F044125F919E7191DB319A05EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FBC4BD
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,?,00000000,00FCCC08,00000000,?,00000000,?,?), ref: 00FBC544
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00FBC5A4
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FBC5F4
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FBC66F
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00FBC6B2
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00FBC7C1
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00FBC84D
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00FBC881
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00FBC88E
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00FBC960
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e12d9f921180b5810eb487ad8864b074bae0c3fb690997087fc3016858dabda1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cbaabcb3d7b0f250eef16801d0df621c554b431f794cc139e4fc665506da5669
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e12d9f921180b5810eb487ad8864b074bae0c3fb690997087fc3016858dabda1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD126B756042019FDB14DF15C881A6AB7E5EF88724F18885CF88A9B3A2DB35FD41EF81
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00FC09C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC0A01
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00FC0A54
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC0A8A
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC0B06
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC0B81
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4F9F2: _wcslen.LIBCMT ref: 00F4F9FD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F92BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F92BFA
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b507728c92a0df4dec8a9752b92f6054985f83a105e5eb2f11d4e3963b9509a6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d6c15008b1e6e7a526085bd417a93c92bfcce61d72bb9921094873e5e486ca1a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b507728c92a0df4dec8a9752b92f6054985f83a105e5eb2f11d4e3963b9509a6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FE18E36608302DFCB14EF24C951A2AB7E1BF94324F14495CF89697362DB35ED46EB81
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBC998 Relevance: 30.0, APIs: 7, Strings: 10, Instructions: 242COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3e560894d8cf7475ee522e759cb1c04aceef3457eace07187ae319e30fe60b87
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9cb8c3907a784f9755f8d602f05838abea83baee2ba9340d4f213dfc1b599ed6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e560894d8cf7475ee522e759cb1c04aceef3457eace07187ae319e30fe60b87
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85710533A0016A8BCB20EE2ACC516FF37959FA0774B214128FC559B295E638CD44BBE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC835A
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC836E
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC8391
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC83B4
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00FC83F2
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00FC5BF2), ref: 00FC844E
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00FC8487
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00FC84CA
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00FC8501
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00FC850D
                                                                                                                                                                                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00FC851D
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyIcon.USER32(?,?,?,?,?,00FC5BF2), ref: 00FC852C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00FC8549
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00FC8555
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dc9cdc1252d02316bd7191c25e36761a1ebc75c1c6325182a25932f5d8d9a501
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 380161ba1c99d7085f43142495bf64f78b0e59c7a85f9f97196aeb4be1537fe6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc9cdc1252d02316bd7191c25e36761a1ebc75c1c6325182a25932f5d8d9a501
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A61D17194021ABAEB18DF64CD42FFE77A8BF04761F10450AF915D70D1DBB4A981EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F37778 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 273COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6cf4e9ac769c1d3e9949c0c6c1ecf3ca8de2af661ac8a6e98d631bd735603c8b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a84ec6fc7c7f0fe7d6a197115242a1aa9e2640a9afead965ab15f28e706ab996
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cf4e9ac769c1d3e9949c0c6c1ecf3ca8de2af661ac8a6e98d631bd735603c8b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E481F8B1A04305BBDB20BF60CC43FAE7BA4AF14760F044025FD09AA192EBB4D915F792
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F95A1B Relevance: 27.2, APIs: 18, Instructions: 198windowtimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadIconW.USER32(00000063), ref: 00F95A2E
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00F95A40
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00F95A57
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00F95A6C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00F95A72
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00F95A82
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00F95A88
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00F95AA9
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00F95AC3
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F95ACC
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F95B33
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00F95B6F
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00F95B75
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00F95B7C
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00F95BD3
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00F95BE0
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,?), ref: 00F95C05
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00F95C2F
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bd7d5e7c448d1f2d2df73926b493b9dafa9c9a56abdd9347780085d896dad067
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: be1150821d3602bda9881e389f3f206f8de8891c4aad724cbc3feafdc4c5ba96
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd7d5e7c448d1f2d2df73926b493b9dafa9c9a56abdd9347780085d896dad067
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB717D31900A099FEB21DFA8CE86E6EBBF5FF48B14F104518E586A35A0D775E940EB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F500C6 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 81COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00F500C6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0100070C,00000FA0,832A3DDF,?,?,?,?,00F723B3,000000FF), ref: 00F5011C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00F723B3,000000FF), ref: 00F50127
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00F723B3,000000FF), ref: 00F50138
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00F5014E
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00F5015C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00F5016A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F50195
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F501A0
                                                                                                                                                                                                                                                                                                                                                                                                                  • ___scrt_fastfail.LIBCMT ref: 00F500E7
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500A3: __onexit.LIBCMT ref: 00F500A9
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  • kernel32.dll, xrefs: 00F50133
                                                                                                                                                                                                                                                                                                                                                                                                                  • InitializeConditionVariable, xrefs: 00F50148
                                                                                                                                                                                                                                                                                                                                                                                                                  • WakeAllConditionVariable, xrefs: 00F50162
                                                                                                                                                                                                                                                                                                                                                                                                                  • SleepConditionVariableCS, xrefs: 00F50154
                                                                                                                                                                                                                                                                                                                                                                                                                  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00F50122
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4acd2b02cc7a8bb834b82a4c6a113fc258165372590a0722b089bb0c404f1184
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d0c265db2c2697ad45573fbd77fc5cff02eba1a9d7faa3c91d59fd085d86330f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4acd2b02cc7a8bb834b82a4c6a113fc258165372590a0722b089bb0c404f1184
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54212932E40B156BE7215B64AD07F6A7794EB04B62F04013AFD0A972C1DF788808BAD2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F930F7 Relevance: 24.9, APIs: 8, Strings: 6, Instructions: 400COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 213b8210681e746af9b23e2ccd1a06c955995ec56b88f0f262deb1af20cf1307
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2fde87fc10329123395a966cb27b32b83a89e27edbe8fc7a558f10eb5729715f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 213b8210681e746af9b23e2ccd1a06c955995ec56b88f0f262deb1af20cf1307
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1E1E532E00516ABDF18DFA8C841BFDBBB0BF44720F558119E956E7250DB30AE89B790
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA44C0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 309COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharLowerBuffW.USER32(00000000,00000000,00FCCC08), ref: 00FA4527
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA453B
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA4599
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA45F4
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA463F
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA46A7
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4F9F2: _wcslen.LIBCMT ref: 00F4F9FD
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,00FF6BF0,00000061), ref: 00FA4743
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1e8c691230f5e28235f2dbe1093497a327eac7fd65c8cb68caf52e857a148589
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8debabd50ec9d430ac24d090e94d07a30bd45bf3e8f557fd2b3600ef20f4a8a9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e8c691230f5e28235f2dbe1093497a327eac7fd65c8cb68caf52e857a148589
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DEB1F3B1A083029FC710DF28C891A6AB7E5AFD6720F50491DF596C7291D7B4E844EB52
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(01001990), ref: 00F72F8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(01001990), ref: 00F7303D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00F73081
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 00F7308A
                                                                                                                                                                                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(01001990,00000000,?,00000000,00000000,00000000), ref: 00F7309D
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00F730A9
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 43a558747d1c2ee681dc8f5b95c07c3af6e9b92d28e4f3c8e645572bf0f688b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 75e578a325d3afbe5ae1d335def2b58f5f5d15f71d4a771b4a82e8a5a66d1752
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43a558747d1c2ee681dc8f5b95c07c3af6e9b92d28e4f3c8e645572bf0f688b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A71F831A44205BEFB218F24DD49F9ABF64FF05374F248216F5186A1D0C7B1A910FB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC6CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,?), ref: 00FC6DEB
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00FC6E5F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00FC6E81
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FC6E94
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00FC6EB5
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00F30000,00000000), ref: 00FC6EE4
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FC6EFD
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00FC6F16
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00FC6F1D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00FC6F35
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00FC6F4D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49944: GetWindowLongW.USER32(?,000000EB), ref: 00F49952
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 801f489f7bb0161b933c6e35af0360377dc7ffe417e39a74dcba22fc91282842
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1ac532e1532bc993db52865d9d0ed51d7e739ddfafeaaee443c12884164b1ae3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 801f489f7bb0161b933c6e35af0360377dc7ffe417e39a74dcba22fc91282842
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5718870908245AFDB21CF18DA49FAABBE9FF88314F04041EF989C7261D775E906EB15
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC911E Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • DragQueryPoint.SHELL32(?,?), ref: 00FC9147
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC7674: ClientToScreen.USER32(?,?), ref: 00FC769A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC7674: GetWindowRect.USER32(?,?), ref: 00FC7710
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC7674: PtInRect.USER32(?,?,00FC8B89), ref: 00FC7720
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00FC91B0
                                                                                                                                                                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00FC91BB
                                                                                                                                                                                                                                                                                                                                                                                                                  • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00FC91DE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00FC9225
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00FC923E
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00FC9255
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,?), ref: 00FC9277
                                                                                                                                                                                                                                                                                                                                                                                                                  • DragFinish.SHELL32(?), ref: 00FC927E
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00FC9371
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8fbd0b3f14f5deb6153dc172c0242e2202049d0c90da3aedc42f3116ca0b279b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 254f8717566e425b96ba3570ad7bf024f611cacf55ecc7d044f58885e51eeb45
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fbd0b3f14f5deb6153dc172c0242e2202049d0c90da3aedc42f3116ca0b279b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B616D71108305AFD701DF64DD86EAFBBE8EF88760F00091DF595931A0DBB49A49EB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FAC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00FAC4B0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00FAC4C3
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00FAC4D7
                                                                                                                                                                                                                                                                                                                                                                                                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00FAC4F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00FAC533
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00FAC549
                                                                                                                                                                                                                                                                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00FAC554
                                                                                                                                                                                                                                                                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00FAC584
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00FAC5DC
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00FAC5F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00FAC5FB
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4f389247796b208d338d8cb5a91ce61f60fb8aab64bfa0c6a07ec65cf1b21406
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f917366a960b87665276e6bcbc479fd0cdd8e82de3894f9f853ddb018840593b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f389247796b208d338d8cb5a91ce61f60fb8aab64bfa0c6a07ec65cf1b21406
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45513AB1900609BFDB219F64C989AAA7BFCEF09754F044419F94A97610DB34E944ABE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC856F Relevance: 22.6, APIs: 15, Instructions: 131filecommemoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00FC8592
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FC85A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FC85AD
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FC85BA
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00FC85C8
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FC85D7
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00FC85E0
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FC85E7
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FC85F8
                                                                                                                                                                                                                                                                                                                                                                                                                  • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00FCFC38,?), ref: 00FC8611
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00FC8621
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 00FC8641
                                                                                                                                                                                                                                                                                                                                                                                                                  • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00FC8671
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00FC8699
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00FC86AF
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3e87838f3414c94749df61304f5d79f6060fe3c669c4ea693d5b6d5ae0f2d35c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bbf36b35a1350d7c7cb4fc6188b693d26294457e46557b364a2204e984bc4f06
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e87838f3414c94749df61304f5d79f6060fe3c669c4ea693d5b6d5ae0f2d35c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A414C71600209AFDB11CFA5CE4AEAA7BB8FF89761F14405CF909E7260DB709D01EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 00FA1502
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00FA150B
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00FA1517
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00FA15FB
                                                                                                                                                                                                                                                                                                                                                                                                                  • VarR8FromDec.OLEAUT32(?,?), ref: 00FA1657
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00FA1708
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00FA178C
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00FA17D8
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00FA17E7
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(00000000), ref: 00FA1823
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 87c311326d72f9b07f8214b6fcd47de32b368e4d7043ff404ddcd363dda03e68
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6acd70143e4e90f734995a71b2826e453f5a1f2977e7f9b6ca71089110e48e83
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87c311326d72f9b07f8214b6fcd47de32b368e4d7043ff404ddcd363dda03e68
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70D121B2E00505DFDB00DFA5D895B79B7B0BF46710F1A805AE84AAB180DB34DC04FBA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00FBB6AE,?,?), ref: 00FBC9B5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBC9F1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBCA68
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBCA9E
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FBB6F4
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00FBB772
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegDeleteValueW.ADVAPI32(?,?), ref: 00FBB80A
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00FBB87E
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00FBB89C
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00FBB8F2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00FBB904
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00FBB922
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00FBB983
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00FBB994
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5c5784204634ac1aade661c74f33eff46d759cb9faf3be0c6ec681ae171ed315
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: af39a60c11e986a985d3903d6effe1b6a1b964355b1b74d5088338a1c740f40c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c5784204634ac1aade661c74f33eff46d759cb9faf3be0c6ec681ae171ed315
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EC19E35608201AFD710DF15C895F6ABBE1FF84328F14845CE49A8B2A2CBB5EC45EF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00FB25D8
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00FB25E8
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 00FB25F4
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00FB2601
                                                                                                                                                                                                                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00FB266D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00FB26AC
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00FB26D0
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00FB26D8
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00FB26E1
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00FB26E8
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 00FB26F3
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 61c3eb590cbfd86c2f8ba44653abeb9b9dd638ee27b3566933555f62c2bee92b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: eb68bea57e184fe44dd51f09d2220d1630d1022774bc6c07dec81793a3c52cc9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61c3eb590cbfd86c2f8ba44653abeb9b9dd638ee27b3566933555f62c2bee92b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 696101B5D00219EFCF04CFA9C985EAEBBB6FF48310F248529E959A7250D734A941DF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6DA5D Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 00F6DAA1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D659
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D66B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D67D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D68F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D6A1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D6B3
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D6C5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D6D7
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D6E9
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D6FB
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D70D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D71F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D63C: _free.LIBCMT ref: 00F6D731
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DA96
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000), ref: 00F629DE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: GetLastError.KERNEL32(00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000,00000000), ref: 00F629F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DAB8
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DACD
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DAD8
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DAFA
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DB0D
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DB1B
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DB26
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DB5E
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DB65
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DB82
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6DB9A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 78c0c0fe0a2a59f2e4f4b39e4dd74ce4d560f06dc434dfc6e657a4835ae38283
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 149657d1e4e543c7087c729544c4d2274dfc451570661603e17bf4def5e265cd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78c0c0fe0a2a59f2e4f4b39e4dd74ce4d560f06dc434dfc6e657a4835ae38283
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7317831F046049FEB25AA78EC41B6AB7F9FF80360F154529E048D7192DB38AC80FB20
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00F9369C
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F936A7
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00F93797
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00F9380C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00F9385D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F93882
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00F938A0
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000), ref: 00F938A7
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00F93921
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 00F9395D
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 350f32c68f281133a9fc180abf8ab1b370edeffdf0b0947acf7958bc67352964
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4eec8736a8089507d306a7dc9e624f13af24040caa394f733c4756bfdd595125
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 350f32c68f281133a9fc180abf8ab1b370edeffdf0b0947acf7958bc67352964
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D910671604306AFEB19DF64C885FAAF7A9FF44350F004529F999C2190DB34EA49EBD1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F94954 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 253COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00F94994
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 00F949DA
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F949EB
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,00000000), ref: 00F949F7
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcsstr.LIBVCRUNTIME ref: 00F94A2C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00F94A64
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 00F94A9D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000018,?,00000400), ref: 00F94AE6
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00F94B20
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F94B8B
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a2cadb11b4b01b3b6542ec490fc612561f9a86c37a8c721be4e29aa7f47dc50f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fa9a739ea90c5a9bf6338f18c58e6ce1b5fa3ec96dba76236b3040a5e5ccdead
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2cadb11b4b01b3b6542ec490fc612561f9a86c37a8c721be4e29aa7f47dc50f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B491B1714082099FEF04CF14C981FAA77E8FF94324F048469FD899A196DB34ED46EBA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC8D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00FC8D5A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFocus.USER32 ref: 00FC8D6A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 00FC8D75
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00FC8E1D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00FC8ECF
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00FC8EEC
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,00000000), ref: 00FC8EFC
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00FC8F2E
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00FC8F70
                                                                                                                                                                                                                                                                                                                                                                                                                  • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00FC8FA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1cdc028f908887d5b0971e2ff52c1b98cdd62e277052fa73967035821c4c67a5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1688f9f5b2ab493688f81c2282e83f826ef868f8183ec2340af3dc6f1e2adcca
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cdc028f908887d5b0971e2ff52c1b98cdd62e277052fa73967035821c4c67a5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D681B4719043069FD710CF14CA86FAB7BE9FB883A4F04091DF98597291DB74D906EBA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9DC0E Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 178COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00F9DC20
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00F9DC46
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F9DC50
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcsstr.LIBVCRUNTIME ref: 00F9DCA0
                                                                                                                                                                                                                                                                                                                                                                                                                  • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00F9DCBC
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ec19c36d096abfc5dfa902e43af56f9f9c4a2c3d5c4500f8e4b66cb06aee768f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3d206b226d6c0b92e8519774a94a08b770a54ebb44852ffd7f1bceeeeae6d47b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec19c36d096abfc5dfa902e43af56f9f9c4a2c3d5c4500f8e4b66cb06aee768f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A14127329402057AEB14AB74DC07EBF776CDF41761F20006AFE04E6192EB79D905B7A5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBCC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00FBCC64
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00FBCC8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00FBCD48
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00FBCCAA
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00FBCCBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00FBCCCF
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00FBCD05
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00FBCD28
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00FBCCF3
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3a6be05363cd40b892ce73a6cce3aede31eeeaf6237daa19828a6d860ae7a155
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c04407a8eb1e671e596d15bc7a804c4a72e70d178c1dc79ace12d29e72ec2033
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a6be05363cd40b892ce73a6cce3aede31eeeaf6237daa19828a6d860ae7a155
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49318BB5D0112DBBDB208B52DC89EFFBB7CEF55750F000165E909E3200DA309A45BAE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FA3D40
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA3D6D
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00FA3D9D
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00FA3DBE
                                                                                                                                                                                                                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?), ref: 00FA3DCE
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00FA3E55
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FA3E60
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FA3E6B
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1f8cf21eb2fdd0d3c2e5b6459728ecd50cb8fc9b451cc6169a34cd7e8b28ca2a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 31576d08b160e98a608794492a132caece0a75883f14cd6dc2508215c0837392
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f8cf21eb2fdd0d3c2e5b6459728ecd50cb8fc9b451cc6169a34cd7e8b28ca2a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D631B2B290020DABDB219BA0DC49FEF37BCEF89750F1041B5FA09D6060EB749744AB64
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • timeGetTime.WINMM ref: 00F9E6B4
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4E551: timeGetTime.WINMM(?,?,00F9E6D4), ref: 00F4E555
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 00F9E6E1
                                                                                                                                                                                                                                                                                                                                                                                                                  • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00F9E705
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00F9E727
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetActiveWindow.USER32 ref: 00F9E746
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00F9E754
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00F9E773
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000000FA), ref: 00F9E77E
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsWindow.USER32 ref: 00F9E78A
                                                                                                                                                                                                                                                                                                                                                                                                                  • EndDialog.USER32(00000000), ref: 00F9E79B
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 74ba3da6a1e0c510813eb4462011c95a85e82f0d9c6a35b39c5963b02cf6d0e5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c0e652ecf492ca2a87b537b8ca042819658ab08003e014bd36af812e150e48ac
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74ba3da6a1e0c510813eb4462011c95a85e82f0d9c6a35b39c5963b02cf6d0e5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B721C670600208AFFF119F61ED8EF253B69FB58758F080424F55982191DB7AAC50FB56
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9E9FC Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 71COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00F9EA5D
                                                                                                                                                                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00F9EA73
                                                                                                                                                                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F9EA84
                                                                                                                                                                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00F9EA96
                                                                                                                                                                                                                                                                                                                                                                                                                  • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00F9EAA7
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f838091cd4ca58ffd68aa3c102fc88985350e031c5218c9dccdee7b7d285a97f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d16d2f6821b76aa03174a0553aff53207717314eb875158d68bb9dfa45ad78c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f838091cd4ca58ffd68aa3c102fc88985350e031c5218c9dccdee7b7d285a97f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B114231A9021D79EB20E761DC4AEFB7A7CEFD1B50F4004297901E20E1DEB45905E6B1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F95CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00F95CE2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00F95CFB
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00F95D59
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00F95D69
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00F95D7B
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00F95DCF
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00F95DDD
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00F95DEF
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00F95E31
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00F95E44
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00F95E5A
                                                                                                                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00F95E67
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f14ac7661052388b3e2c61a4018b02128c28d633f8629c26d0d508b824478e48
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 77c97003e24e40ea0a6cc76c17049d4f120765b6a5043d0db858789ce951dd90
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f14ac7661052388b3e2c61a4018b02128c28d633f8629c26d0d508b824478e48
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC511FB1E00609AFDF18DF68CE8AEAE7BB5EB48710F108129F519E7290D7709E04DB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F48BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F48F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F48BE8,?,00000000,?,?,?,?,00F48BBA,00000000,?), ref: 00F48FC5
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00F48C81
                                                                                                                                                                                                                                                                                                                                                                                                                  • KillTimer.USER32(00000000,?,?,?,?,00F48BBA,00000000,?), ref: 00F48D1B
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyAcceleratorTable.USER32(00000000), ref: 00F86973
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00F48BBA,00000000,?), ref: 00F869A1
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00F48BBA,00000000,?), ref: 00F869B8
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00F48BBA,00000000), ref: 00F869D4
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00F869E6
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d60af06578d1413c3beea4aa0c6798d023df6ea3d52a193ccb52717d3a7c6819
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8b2bec7a2a3d9ecba77412f0685ee46f6885bc830bee73bc0a97ce58cb277266
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d60af06578d1413c3beea4aa0c6798d023df6ea3d52a193ccb52717d3a7c6819
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1061CE31902611DFDB369F14DA89B697BF1FB40362F104518E5829B5A0CB3AE982FF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F49838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49944: GetWindowLongW.USER32(?,000000EB), ref: 00F49952
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00F49862
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 827ceba26f481ba5122201670c8a62472622292cc01698b3ff839e8707c19894
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e318cc86b52e3b8e0dc3d376120a4fb58b3416926d5fc30b4b06804c795a8eb1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 827ceba26f481ba5122201670c8a62472622292cc01698b3ff839e8707c19894
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA4193316086449FDB209F3C9C49FBA3B65AB46330F684615FDA68B1E1D771D842FB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F996E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00F7F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00F99717
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00F7F7F8,00000001), ref: 00F99720
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00F7F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00F99742
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00F7F7F8,00000001), ref: 00F99745
                                                                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00F99866
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5eb3bcd8a39cbaae61690e69bdcb45d6b74be6308f93bb52b243a1ba5899db33
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 81b5d27c674b5df8ad07d555ca5ed1410481daf934987e2d2c4f18e9c5e4705b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eb3bcd8a39cbaae61690e69bdcb45d6b74be6308f93bb52b243a1ba5899db33
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8414172804119AADF04FBE4CE46EEE7778AF55350F504029F605B2092EFB95F48EB61
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F906DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00F907A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00F907BE
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00F907DA
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00F90804
                                                                                                                                                                                                                                                                                                                                                                                                                  • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00F9082C
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F90837
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00F9083C
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 36d52a45ca7ec39a08d1b54ceb1ef8f9a659e7d9433dda86edaca25872f79a22
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e2e7311fc196e056edeac4c3c5979f9af5878f0b929ec3d9d5fd3ebb172ac72b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36d52a45ca7ec39a08d1b54ceb1ef8f9a659e7d9433dda86edaca25872f79a22
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14411572C1022DAFDF25EBA4DC85CEDB778BF44760F444129E905A31A1EB749E04EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00FB3C5C
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00FB3C8A
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00FB3C94
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FB3D2D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetRunningObjectTable.OLE32(00000000,?), ref: 00FB3DB1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,00000029), ref: 00FB3ED5
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00FB3F0E
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoGetObject.OLE32(?,00000000,00FCFB98,?), ref: 00FB3F2D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000), ref: 00FB3F40
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00FB3FC4
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00FB3FD8
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a8a848bd030888a968ff1a96b289fee350a62a0f38528c94a69070af192f4e58
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6b8d1f27818f3c5a2f7047111b86d1f82f512a49871e8fc4a0e99594e8050edf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8a848bd030888a968ff1a96b289fee350a62a0f38528c94a69070af192f4e58
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93C16571A083059FC700DF6AC98496BBBE9FF88754F14491DF98A9B250DB30EE05DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00FA7AF3
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00FA7B8F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHGetDesktopFolder.SHELL32(?), ref: 00FA7BA3
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00FCFD08,00000000,00000001,00FF6E6C,?), ref: 00FA7BEF
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00FA7C74
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,?), ref: 00FA7CCC
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00FA7D57
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00FA7D7A
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00FA7D81
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00FA7DD6
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00FA7DDC
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a3c20550673626184b68b797b1ae4ac913461cd6fede99496cdbf65b90649c52
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 45b851ece2dabaa4f9660431b8692bbfb352127f642e35c6f91edf2660dc90b5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3c20550673626184b68b797b1ae4ac913461cd6fede99496cdbf65b90649c52
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6C12AB5A04209AFCB14DF64C884DAEBBF9FF49314F148499E81ADB261D730ED45DB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC541D Relevance: 16.7, APIs: 11, Instructions: 191windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00FC5504
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FC5515
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(00000158), ref: 00FC5544
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00FC5585
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00FC559B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FC55AC
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a2211eb8d84b397c2f2fc48326b85ea64a963300dbaa9d34a2dd2c8c315a18fb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 12315f7587b12d2d6a6bdcdf005a06aa7a6685f7133302051bbdbcac9e2f6568
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2211eb8d84b397c2f2fc48326b85ea64a963300dbaa9d34a2dd2c8c315a18fb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5618C3190060AABDF10DF54CE86FFE7B79AB05B24F104549F529AB290D774AA80FB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8FA88 Relevance: 16.6, APIs: 11, Instructions: 122memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00F8FAAF
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAllocData.OLEAUT32(?), ref: 00F8FB08
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00F8FB1A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 00F8FB3A
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00F8FB8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 00F8FBA1
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00F8FBB6
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayDestroyData.OLEAUT32(?), ref: 00F8FBC3
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F8FBCC
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00F8FBDE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F8FBE9
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 778c0629e75a9e59f533a16dedd576b1dab48ab3b41209ac9ffd1d17a0837369
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 49f29a5b5c426a335b05a4a283f50cb6861d5fb6bf7db8f0a9a453ec613672cb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 778c0629e75a9e59f533a16dedd576b1dab48ab3b41209ac9ffd1d17a0837369
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9413E35A002199FCB04EF64CC55DEEBBB9FF48354F008069E95AA7261DB34A949DFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F99C79 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00F99CA1
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A0), ref: 00F99D22
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(000000A0), ref: 00F99D3D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(000000A1), ref: 00F99D57
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(000000A1), ref: 00F99D6C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000011), ref: 00F99D84
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 00F99D96
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000012), ref: 00F99DAE
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 00F99DC0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(0000005B), ref: 00F99DD8
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyState.USER32(0000005B), ref: 00F99DEA
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 70262764f96fb4e6db3467ff1b609c9f216945bcb30152afe092db66e2b2a953
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 28dfbae6ecd68f4c5b64f4fdcb2206f03fd6a22bd98bdd821e419fce05e7bf42
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70262764f96fb4e6db3467ff1b609c9f216945bcb30152afe092db66e2b2a953
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4241FB30D0C7CA69FF31976889443B5BEA06F12364F09405EC9C6575C1EBE559C8EBA2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAStartup.WSOCK32(00000101,?), ref: 00FB05BC
                                                                                                                                                                                                                                                                                                                                                                                                                  • inet_addr.WSOCK32(?), ref: 00FB061C
                                                                                                                                                                                                                                                                                                                                                                                                                  • gethostbyname.WSOCK32(?), ref: 00FB0628
                                                                                                                                                                                                                                                                                                                                                                                                                  • IcmpCreateFile.IPHLPAPI ref: 00FB0636
                                                                                                                                                                                                                                                                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00FB06C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00FB06E5
                                                                                                                                                                                                                                                                                                                                                                                                                  • IcmpCloseHandle.IPHLPAPI(?), ref: 00FB07B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSACleanup.WSOCK32 ref: 00FB07BF
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 462908edbde0def7d5b40f06f3ecad7762035c4004d16dee355b9ca8c8e68b65
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 049ea33b6bbbc06ecf263832ea710dacdae9f9177335b61f5eb384826478eac4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 462908edbde0def7d5b40f06f3ecad7762035c4004d16dee355b9ca8c8e68b65
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 539190359042019FD720DF16C989F5BBBE0EF44328F1885A9F4698B6A2CB34EC45EF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB8CD3 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 193COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9fbd70ee54cc8b8a5b4103ae8e829ec7aa7382f93b2d11c43d96368431e75ee5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1e7d594a5d76813f62bd2c5120aa038ab9ce5733999bae18bdb0cbe033a58d9d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fbd70ee54cc8b8a5b4103ae8e829ec7aa7382f93b2d11c43d96368431e75ee5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB51B431A041169BCB14DFA9C9419FEB7A9BFA4364B204229E916E7284DF34DD42EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32 ref: 00FB3774
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00FB377F
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000017,00FCFB78,?), ref: 00FB37D9
                                                                                                                                                                                                                                                                                                                                                                                                                  • IIDFromString.OLE32(?,?), ref: 00FB384C
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00FB38E4
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00FB3936
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e6d25bc4b5437e65be3f435abf008bfbe8b62012b6d13f4e6e4ec21b0f2e0238
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 71203e1948a633ae1b964c811771d907e82e5d04f393c8e22586653aaeb84f1a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6d25bc4b5437e65be3f435abf008bfbe8b62012b6d13f4e6e4ec21b0f2e0238
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B61A072648301AFD710DF55C889FAABBE8EF44710F104809F98597291DB74EE48EF92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(?), ref: 00FA8257
                                                                                                                                                                                                                                                                                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 00FA8267
                                                                                                                                                                                                                                                                                                                                                                                                                  • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00FA8273
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00FA8310
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA8324
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA8356
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00FA838C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA8395
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 37825269ef1e855fba01f60e208668ee6d289bf34000b041fbaee4c4ec31ebad
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bf71991163eede01e58258ccf49e5ef5aa8fc3107ad5d29bcac5c57266d25b20
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37825269ef1e855fba01f60e208668ee6d289bf34000b041fbaee4c4ec31ebad
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD618DB25083059FCB10EF60C841AAEB3E8FF89360F04491EF989D7251DB75E946DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA3388 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 149COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00FA33CF
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00FA33F0
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3db9bf5284ec299a4178235bdbf994389a53bf5aef737b1c5997afea289b71f1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: abc96c998d0a60460aa83cef109a2984c73a7ead069de1c2744ce0c9ab345738
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3db9bf5284ec299a4178235bdbf994389a53bf5aef737b1c5997afea289b71f1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A51AF72C0420AAADF15EBA0CD42EEEB778EF04350F148065F505B2062EB796F58FB61
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9B5C8 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 142COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 15c678affaf7e9dd1d3683b260248f96aa16453c259ec714e60f54862508eaf0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 07a26ffc8577a8d7c52217ee75912d7809c62f8561b482f97eae0f952e396c99
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15c678affaf7e9dd1d3683b260248f96aa16453c259ec714e60f54862508eaf0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74412933E0002A9BDF206F7DDE905BE77A5AFA0774B244269E521D7280E735EC81E790
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA5393 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 103COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00FA53A0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00FA5416
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00FA5420
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,READY), ref: 00FA54A7
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bb3865c5d1271ec33d5025df8f147470122dbe883347dfcd756c25e93168de0e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 48f67fac31e8f2fd4aca3afd361f8e45e7e3de4b273941e06446c0127d511585
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb3865c5d1271ec33d5025df8f147470122dbe883347dfcd756c25e93168de0e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E231F6B5E006089FC710DF68C894FAD7BB4EF4A715F188055E905CB262DB75ED82EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC3C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateMenu.USER32 ref: 00FC3C79
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetMenu.USER32(?,00000000), ref: 00FC3C88
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FC3D10
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsMenu.USER32(?), ref: 00FC3D24
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00FC3D2E
                                                                                                                                                                                                                                                                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00FC3D5B
                                                                                                                                                                                                                                                                                                                                                                                                                  • DrawMenuBar.USER32 ref: 00FC3D63
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d684f56ae8d796371fa051afbd8c64b1041bd40fc93df12d7311be71491d5b1a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6ff02fe79cb447c9b7e60be39fb78189235908ce49de8dd603f53e31d95b2ae6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d684f56ae8d796371fa051afbd8c64b1041bd40fc93df12d7311be71491d5b1a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F416B75A0120AAFDB14CF64D945FAA7BB5FF49350F14442CF946A7350D731AA10EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC3A23 Relevance: 15.2, APIs: 10, Instructions: 182windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00FC3A9D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00FC3AA0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC3AC7
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00FC3AEA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00FC3B62
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00FC3BAC
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00FC3BC7
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00FC3BE2
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00FC3BF6
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00FC3C13
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5ac84ca32a61a6abc052ab2544124e4ebd15d4fbae1892689e0a7b84d14b3f3e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 562e3ed2c662157bec28f26f5ffd456e94c87504aeea7e43eb0124f541e90559
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ac84ca32a61a6abc052ab2544124e4ebd15d4fbae1892689e0a7b84d14b3f3e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82618A75900209AFDB21DFA8CD82FEE77F8EB49310F104099FA15A7291C774AE41EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9B12F Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F9B151
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00F9A1E1,?,00000001), ref: 00F9B165
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 00F9B16C
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F9A1E1,?,00000001), ref: 00F9B17B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F9B18D
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00F9A1E1,?,00000001), ref: 00F9B1A6
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F9A1E1,?,00000001), ref: 00F9B1B8
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00F9A1E1,?,00000001), ref: 00F9B1FD
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00F9A1E1,?,00000001), ref: 00F9B212
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00F9A1E1,?,00000001), ref: 00F9B21D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ced843a24019cee4a9af76562f8f2b805da9b8b9515d148408b338a8acd65a5d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 443fe473f319dad72ee74a8c4a2b268f7df20070dab4c1542467327f6268bd77
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ced843a24019cee4a9af76562f8f2b805da9b8b9515d148408b338a8acd65a5d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5318E71900208AFEF27DF25EE59F6D7BA9FB51321F104005FA49DB180D7B9A941AF60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F62C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62C94
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000), ref: 00F629DE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: GetLastError.KERNEL32(00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000,00000000), ref: 00F629F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CA0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CAB
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CB6
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CC1
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CCC
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CD7
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CE2
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CED
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62CFB
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fff07eedab689fd0cc18de3ad0e1491b5924cd43b6e445a17670f7b9e4301654
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f4c6f0741a3caaf91430f43c648b3d966ee635c43ef3545d57da6ec4f3d05347
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fff07eedab689fd0cc18de3ad0e1491b5924cd43b6e445a17670f7b9e4301654
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA119376600508AFCB86EF58DC82CDD3BB5FF45390F4144A5FA489B222DA35EA50BB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA7DF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00FA7FAD
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA7FC1
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?), ref: 00FA7FEB
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00FA8005
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA8017
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00FA8060
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00FA80B0
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 87a11d616ef409676957c124201c1c7117acc867b9fcaf7292f16c363aa5c555
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4a9232e54d78c92b1787c806c9f0d3bd0253001d78927372218881dfb484f70d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87a11d616ef409676957c124201c1c7117acc867b9fcaf7292f16c363aa5c555
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C81B6B29083459BCB24EF14CC84E6AB3E8BF86360F144C5EF885D7250DB75DD45AB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F35BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EB), ref: 00F35C7A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F35D0A: GetClientRect.USER32(?,?), ref: 00F35D30
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F35D0A: GetWindowRect.USER32(?,?), ref: 00F35D71
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F35D0A: ScreenToClient.USER32(?,?), ref: 00F35D99
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDC.USER32 ref: 00F746F5
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00F74708
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00F74716
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00F7472B
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00F74733
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00F747C4
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9b21069ce189c107668efe47718cd70e7c7972419e81fc03463c65be25d90e6f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1bb59ce9ead5bb54b22e4679ee97f02ac37ca840790558e85ab75d0b45f876e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b21069ce189c107668efe47718cd70e7c7972419e81fc03463c65be25d90e6f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1671E331800205DFCF268F64C985AB97BB5FF4A374F14822AED595A166C335A842FF52
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA359C Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 150COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00FA35E4
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(01002390,?,00000FFF,?), ref: 00FA360A
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 51c99bd79b5922a0b19f7ffa0352812e3c8ca2c27c78610fac24b7f9f8e9a639
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6e0e56901b1e43a64bbaa6e88a36b814de6e3df7cea12e50b2aa92a2c6b34d09
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51c99bd79b5922a0b19f7ffa0352812e3c8ca2c27c78610fac24b7f9f8e9a639
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12517FB1C0421ABADF15EBA0CC42EEDBB38EF05310F144125F505721A1EB795B99EFA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC8B02 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: GetCursorPos.USER32(?), ref: 00F49141
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: ScreenToClient.USER32(00000000,?), ref: 00F4915E
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: GetAsyncKeyState.USER32(00000001), ref: 00F49183
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4912D: GetAsyncKeyState.USER32(00000002), ref: 00F4919D
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00FC8B6B
                                                                                                                                                                                                                                                                                                                                                                                                                  • ImageList_EndDrag.COMCTL32 ref: 00FC8B71
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseCapture.USER32 ref: 00FC8B77
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 00FC8C12
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00FC8C25
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00FC8CFF
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 96cbc32a74401b37f5af2ee192b704036025edc5d06b1fd8d21a33f2089b1a43
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7d66e2a31d2740a6366f810cb8635168879d70ea59e9ec962af813ef42948b58
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96cbc32a74401b37f5af2ee192b704036025edc5d06b1fd8d21a33f2089b1a43
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F651AE71508305AFD710EF24CD96FAA77E4FB88760F00061DF996A72E1CB759904EBA2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FAC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00FAC272
                                                                                                                                                                                                                                                                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00FAC29A
                                                                                                                                                                                                                                                                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00FAC2CA
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00FAC322
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 00FAC336
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00FAC341
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 00222de189e2b816f14e23de31e6652af7be13e2aedf4931ebb30c30315c2930
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f212d4c8f5f657b54561bae51e2178dd62098b8ebbeb9eafaf745ceb07e03215
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00222de189e2b816f14e23de31e6652af7be13e2aedf4931ebb30c30315c2930
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2313CB1900708AFDB219F649D89AAB7AECEF4A754B14851AE44AD3200DB34D905ABE1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F73AAF,?,?,Bad directive syntax error,00FCCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00F998BC
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00F73AAF,?), ref: 00F998C3
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F99987
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b8cdc8a700ec38246cb773ca7b7fcd75961c2627a0dae64ef504ff4b6989699b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 480f5deb6655b149ee8326a176b243bccef97857bde37e65dd447420bab6984c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8cdc8a700ec38246cb773ca7b7fcd75961c2627a0dae64ef504ff4b6989699b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25217E3284421EABDF15EF90CC06EEE7775FF18710F044419F619660A2EBB99618FB51
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetParent.USER32 ref: 00F920AB
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 00F920C0
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00F9214D
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9ef880bb506e650a2689cccfb7f93859b9148fb661d004e7b1cb0724a8a2d801
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8620007239390e547cb34bb8bc4017937f3e3a070a92d0bf2b03d9565582689e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ef880bb506e650a2689cccfb7f93859b9148fb661d004e7b1cb0724a8a2d801
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6112C7768870ABAFE412620DC07DF6379CCF04725F200016FB08A50F1FE65A8957654
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F68D45 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4cbbfc3ee2fbf46e8f2ea3fd00cc842ebea1264cd3dd59781647abf3e0f80705
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e935344005c3f2e9405047e801188d56d7b8a4183ce383118d470873bd3706fa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cbbfc3ee2fbf46e8f2ea3fd00cc842ebea1264cd3dd59781647abf3e0f80705
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CC12475D08249AFCF11DFA8C841BADBBB4EF09360F044199F915A7392CB758946EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e6faf591e812ae849dc287e2793ad1217cf242627fa8b3c42681de3ba016fe9d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8b097932f773483763a6a941e9d9163f722cabdda4b0d3cb024eeb82f30e4dd4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6faf591e812ae849dc287e2793ad1217cf242627fa8b3c42681de3ba016fe9d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71611471E04201AFDB25AFB49C81B7E7BA5AF05360F04416EF9C597286DB3A9901B7F0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC50D4 Relevance: 13.7, APIs: 9, Instructions: 162windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00FC5186
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00FC51C7
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005,?,00000000), ref: 00FC51CD
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00FC51D1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FC6FBA: DeleteObject.GDI32(00000000), ref: 00FC6FE6
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC520D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FC521A
                                                                                                                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00FC524D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00FC5287
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00FC5296
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: de6fce36560383631556a80dde7c62efd7c4b849d4d2720910e98973b9df669f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 69b27162bb7fadfa40e1169b71e1c7a93656fe00b9e9c27203b0018bb28b23a5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de6fce36560383631556a80dde7c62efd7c4b849d4d2720910e98973b9df669f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97519E30E40A0ABEEB209F24CE4BFD93BA5EB05B24F584009F519962E1C375B9C0FB40
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F48B06 Relevance: 13.7, APIs: 9, Instructions: 155windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00F86890
                                                                                                                                                                                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00F868A9
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F868B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00F868D1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F868F2
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F48874,00000000,00000000,00000000,000000FF,00000000), ref: 00F86901
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F8691E
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F48874,00000000,00000000,00000000,000000FF,00000000), ref: 00F8692D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a91ba30bdeef007cbd74a9d76a10ac04f58d78544bd00eeea10bf5bdaaeef7dc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bf2628e696e8e071abaa49ecee489cc53f579910cff3b8689a848d4febb3d969
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a91ba30bdeef007cbd74a9d76a10ac04f58d78544bd00eeea10bf5bdaaeef7dc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC515970A00209EFDB20DF24CD46FAA7BB5EF88760F104518F95AD72A0DB75E991EB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FAC143 Relevance: 13.6, APIs: 9, Instructions: 95networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00FAC182
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00FAC195
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?), ref: 00FAC1A9
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FAC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00FAC272
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FAC253: GetLastError.KERNEL32 ref: 00FAC322
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FAC253: SetEvent.KERNEL32(?), ref: 00FAC336
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FAC253: InternetCloseHandle.WININET(00000000), ref: 00FAC341
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e4ba750544614502097c1c7d6ea8f41dcbd64d00c53f0cbe6a37bf2a70831f24
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fef2b9b27d6cb90788aa66820ddd76754683bf261d03f1c927f879a7a0c5b3ef
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4ba750544614502097c1c7d6ea8f41dcbd64d00c53f0cbe6a37bf2a70831f24
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42319EB1600609AFDB219FA5DE44BA6BBF8FF5A310B04441EF95A83610D731E814FBE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F925A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F93A57
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: GetCurrentThreadId.KERNEL32 ref: 00F93A5E
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F925B3), ref: 00F93A65
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F925BD
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00F925DB
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00F925DF
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F925E9
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00F92601
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00F92605
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F9260F
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00F92623
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00F92627
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d405738c91864bc60abce1fe172088f1197b9e11d18e9f6b71cb0829ecda509e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 06e3e566138b5313533b337b893cf5c0ee6e0568f8dde6f5255fa5047e2e5b9b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d405738c91864bc60abce1fe172088f1197b9e11d18e9f6b71cb0829ecda509e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F01D431790214BBFB20676A9C8BF593F59DB4EB12F110001F31CAF1D2C9F22444AAA9
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91803 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00F91449,?,?,00000000), ref: 00F9180C
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00F91449,?,?,00000000), ref: 00F91813
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F91449,?,?,00000000), ref: 00F91828
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00F91449,?,?,00000000), ref: 00F91830
                                                                                                                                                                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,00F91449,?,?,00000000), ref: 00F91833
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F91449,?,?,00000000), ref: 00F91843
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00F91449,00000000,?,00F91449,?,?,00000000), ref: 00F9184B
                                                                                                                                                                                                                                                                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,00F91449,?,?,00000000), ref: 00F9184E
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00F91874,00000000,00000000,00000000), ref: 00F91868
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a6ff852a584debf8b280a1b93f07f61544b7bf7f27ea8643a0dac64e7113351d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ce7ccccbcb21f1b545234fb10912bfb16a0afcd3dacd343759382562c9b13e96
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6ff852a584debf8b280a1b93f07f61544b7bf7f27ea8643a0dac64e7113351d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F01BFB5240348BFE710AB66DD4EF5B3B6CEB89B11F044411FA05DB192C6759800DB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBA0E2 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 160COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00F9D501
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00F9D50F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9D4DC: CloseHandle.KERNEL32(00000000), ref: 00F9D5DC
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00FBA16D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00FBA180
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00FBA1B3
                                                                                                                                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00FBA268
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 00FBA273
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FBA2C4
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 69d33fee6605247dd2d3fd29db8769308134fa07fc53ee15322fc288a03d67be
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b02c4c8c95f4d0adeb9e1e462024e4247f1767a7260c913005f0d4fb3ff40372
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69d33fee6605247dd2d3fd29db8769308134fa07fc53ee15322fc288a03d67be
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6161A131604242AFD720DF19C895F55BBE1AF44328F18849CE46A8BBA3C776EC45DF92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00FC3925
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00FC393A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00FC3954
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC3999
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001057,00000000,?), ref: 00FC39C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00FC39F4
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ca6821758417711b6c212ccd6d7bb882c89e7925af8ec79f129cdee58856442a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c2a334c588cc688ca19bf515879d58de15a9fa5e02615b43b4cb603e3b3e8ff7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca6821758417711b6c212ccd6d7bb882c89e7925af8ec79f129cdee58856442a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D541C871D00219ABDF219F64CD46FEA77A9EF08390F104529F548E71C1D775DA44EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9BC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F9BCFD
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsMenu.USER32(00000000), ref: 00F9BD1D
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00F9BD53
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(010E4B98), ref: 00F9BDA4
                                                                                                                                                                                                                                                                                                                                                                                                                  • InsertMenuItemW.USER32(010E4B98,?,00000001,00000030), ref: 00F9BDCC
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cba4152e251c85fdccad1f063f6a823e8c4f63a883ce65b0e481dcce89cf3f9e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0e61719ab0a0819842d873e2f3b089500d1b598d690836901d0e568f4a3cf600
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cba4152e251c85fdccad1f063f6a823e8c4f63a883ce65b0e481dcce89cf3f9e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C51D170A00209DBFF11CFA9EA88BAEBBF4FF45324F14411AE405D7290D7749941EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F03), ref: 00F9C913
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d418944562558cc12c77e9038faa1a4574b3bf4dd51b8a84a5ff8c6afae70c38
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 827c8d7fe599e0b04276fd26ba134b590669fcabfa8be543fef3a14bcc821457
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d418944562558cc12c77e9038faa1a4574b3bf4dd51b8a84a5ff8c6afae70c38
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59110033A8930ABAFF056B549C83DAA7B9CDF15769B10002AF604E6192DB74AD4073E5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a0f7e5e9f7d4d00d0b9771717efb8663b4049cd28b6b057da1f1a6c38c6e415c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 39171252ec8f187d48992d126f802ad34ea456cae342bf39270cdf8da945fd72
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0f7e5e9f7d4d00d0b9771717efb8663b4049cd28b6b057da1f1a6c38c6e415c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A941B265C1021875DF11EBF48C8A9CFB7B8EF45311F508466EA18E3122FB38E249D3A5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F8682C,00000004,00000000,00000000), ref: 00F4F953
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00F8682C,00000004,00000000,00000000), ref: 00F8F3D1
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F8682C,00000004,00000000,00000000), ref: 00F8F454
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 210f713d355673cd07ff6c084335a50872f0398c7f90ffa3601a7d71e9277643
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ff0cd6909c41fd8ee0396dabbab53e08f7effb3d49b604922d9575ab560d859b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 210f713d355673cd07ff6c084335a50872f0398c7f90ffa3601a7d71e9277643
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E413B31A18640BED7399F28CD88B6A7F91AF56320F14443DE88F53660C732A888FB51
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00FC2D1B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00FC2D23
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FC2D2E
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00FC2D3A
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00FC2D76
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00FC2D87
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00FC5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00FC2DC2
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00FC2DE1
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5b3de7f600d99fa2f699bbd0c12e164d7ad65a2bc6f29f56a1086ddbb73076cf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1df263becc5009b442f24b95207ba55718f795c6955a319820b7bee4ee98c451
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b3de7f600d99fa2f699bbd0c12e164d7ad65a2bc6f29f56a1086ddbb73076cf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B318B72201214BFEB118F548E8AFEB3BA9EF59721F084055FE099B291C6759C41DBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F95622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0f07bcf1d6cb21f5e8eab80baf54bbc3e85b81d8f5ba53ac9ee75cfb7d3ecc93
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 83d55d4e5326150de52a84ca164190786bada12305a5a498d99994093df9cc15
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f07bcf1d6cb21f5e8eab80baf54bbc3e85b81d8f5ba53ac9ee75cfb7d3ecc93
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52213A62F4090A77FA159D208E93FBA734DBF51B91F400024FE049A541F724FE18B7A6
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB4FAE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 359COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fbc91309c797ab60beead34a3cd7a7ba0c83bbfb16c488e46093b30d4d2c55b5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e67c65d8a13b8ca435ddd919b18ac7848cb12bfe9e7744cc8c47259162e6f17b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbc91309c797ab60beead34a3cd7a7ba0c83bbfb16c488e46093b30d4d2c55b5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BD1EC71A0060AAFDF10DFA9C880BEEB7B5BF48754F148069E915AB280E774DD45DFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F71522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00F717FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00F715CE
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00F717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F71651
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00F717FB,?,00F717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F716E4
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00F717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F716FB
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F63820: RtlAllocateHeap.NTDLL(00000000,?,01001444,?,00F4FDF5,?,?,00F3A976,00000010,01001440,00F313FC,?,00F313C6,?,00F31129), ref: 00F63852
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00F717FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F71777
                                                                                                                                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F717A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F717AE
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9fb93cf540668aa19f5110a743e8f913f88fe02be32ba3005e4d76b080ecde18
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c355d6a0854e5fef48adfa5a83f3fd6fa7b75be8c114fd17bc4825693d8c5b1b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fb93cf540668aa19f5110a743e8f913f88fe02be32ba3005e4d76b080ecde18
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C91E972E002165ADF288E7CCC41EEE7BB5BF45720F18865AE809E7140D735DD49E7A2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB4523 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ad76f262a880e2cb0e272513c98e12fb72e2936475a9a9161c68131d3a26fa4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 58adcbcaa3e07216c8e19873b7213d93130a4f85e21e5a84d83824af8c521fe0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ad76f262a880e2cb0e272513c98e12fb72e2936475a9a9161c68131d3a26fa4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA918271E00219ABDF20CF66C944FEEBBB9AF45720F108559E505AB282D770A945DFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00FA125C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00FA1284
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00FA12A8
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FA12D8
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FA135F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FA13C4
                                                                                                                                                                                                                                                                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00FA1430
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3e7ffc54d8855bac65c6282a8e851dae5cf3a58f5ec82045f3e7e692aa2518a1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fac13f3e811d0e54b938b7b9a742abac063dc05f1aec0379687a03ebeb524c2b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e7ffc54d8855bac65c6282a8e851dae5cf3a58f5ec82045f3e7e692aa2518a1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9691E6B1E002099FDB00DF98C885BBE77B5FF46325F164029E941EB291D778E945EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5dae07ea525b743813cd26840e974860c7ea799bac5a0f18f93977ed48b7846a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 88fa6172958918ca1419e835d425b4355d02cf37769c299c72b3d5da56e6afef
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5dae07ea525b743813cd26840e974860c7ea799bac5a0f18f93977ed48b7846a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01912871E44219AFCB10DFA9CC84AEEBFB8FF49320F244159E915B7251D378A941EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB3947 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 240COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00FB396B
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?), ref: 00FB3A7A
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FB3A8A
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00FB3C1F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FA0CDF: VariantInit.OLEAUT32(00000000), ref: 00FA0D1F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FA0CDF: VariantCopy.OLEAUT32(?,?), ref: 00FA0D28
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FA0CDF: VariantClear.OLEAUT32(?), ref: 00FA0D34
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5637ceaaedc00a68080ef00a6359abb226e44a4a704543927252df4b9664993c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 94c5b8781c4eff2b0e30bac6a968ff606a1de6f42630eacc59e5225866a13ce3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5637ceaaedc00a68080ef00a6359abb226e44a4a704543927252df4b9664993c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47913675A083059FC704EF25C88196AB7E5BF88324F14892DF88997351DB34EE45EF92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB4BAD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 236COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?,?,?,00F9035E), ref: 00F9002B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?,?), ref: 00F90046
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?,?), ref: 00F90054
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?), ref: 00F90064
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00FB4C51
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FB4D59
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00FB4DCF
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?), ref: 00FB4DDA
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b0e300ec7ef065fcbbc514f1caa359b92cda2067cc70a2616502c603e42cc0b0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e30c6d2a873ff69eb17a38e74bf793399945412841a283dac941502e25bc3fdf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0e300ec7ef065fcbbc514f1caa359b92cda2067cc70a2616502c603e42cc0b0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE911671D0021DAFDF14DFA5CC91AEEB7B8BF48310F108169E915A7291DB74AA44EFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC20FD Relevance: 10.7, APIs: 7, Instructions: 196windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenu.USER32(?), ref: 00FC2183
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemCount.USER32(00000000), ref: 00FC21B5
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00FC21DD
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC2213
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemID.USER32(?,?), ref: 00FC224D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSubMenu.USER32(?,?), ref: 00FC225B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F93A57
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: GetCurrentThreadId.KERNEL32 ref: 00F93A5E
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F925B3), ref: 00F93A65
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00FC22E3
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9E97B: Sleep.KERNEL32 ref: 00F9E9F3
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b7b57d8b6b068fdc847ea262b5c3bdbf9d9269b47c460fea52c3d31b91aa7420
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fca90c13dc46fdff3ec4498fa4246aea8f6052bb9046697920af51f5db19a856
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7b57d8b6b068fdc847ea262b5c3bdbf9d9269b47c460fea52c3d31b91aa7420
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40718E75E00206AFDB54EF64C942FAEB7F1EF48320F148459E816EB341D738AD41AB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9AEBA Relevance: 10.7, APIs: 7, Instructions: 162windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00F9AEF9
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00F9AF0E
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00F9AF6F
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 00F9AF9D
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 00F9AFBC
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00F9AFFD
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F9B020
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 898a758c5ab2a417faf40bc7f9c8a9331b514608025077334aed0470737c4a35
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1d9dd83d8c2c3e31ea27f98fc55a4fae7bebcd8fd7e38b04e582f279ec8b4e92
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 898a758c5ab2a417faf40bc7f9c8a9331b514608025077334aed0470737c4a35
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C851D1A1A047D53DFF3743348D49BBABEA95B06318F088589E1D9458D2C3D9ACC8F791
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9ACDA Relevance: 10.7, APIs: 7, Instructions: 161windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetParent.USER32(00000000), ref: 00F9AD19
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 00F9AD2E
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(?), ref: 00F9AD8F
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00F9ADBB
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00F9ADD8
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00F9AE17
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00F9AE38
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 42d1c60442cb784ff7be0458aa38a04342d56bbe6c1db5310b3b2ab3c7444861
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c41996d84e70317f353046b2aaca43859b5f1397a88bf9c91e99b7c4ed3d5c84
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42d1c60442cb784ff7be0458aa38a04342d56bbe6c1db5310b3b2ab3c7444861
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC51D5A1D047D53DFF3793358C55B7A7EA85B46310F088489E1D9468C2D294EC98F7D2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(00F73CD6,?,?,?,?,?,?,?,?,00F65BA3,?,?,00F73CD6,?,?), ref: 00F65470
                                                                                                                                                                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00F654EB
                                                                                                                                                                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00F65506
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00F73CD6,00000005,00000000,00000000), ref: 00F6552C
                                                                                                                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00F73CD6,00000000,00F65BA3,00000000,?,?,?,?,?,?,?,?,?,00F65BA3,?), ref: 00F6554B
                                                                                                                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,00F65BA3,00000000,?,?,?,?,?,?,?,?,?,00F65BA3,?), ref: 00F65584
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d42a9af1b3bf286618d9fbeed2ab7ebaf2030c7a0ba37f7a5818f2655aa06e73
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4d5c1456a2f136d58c50f59d9c43b0430267d5aa722060bf6fa8a63f0cee9254
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d42a9af1b3bf286618d9fbeed2ab7ebaf2030c7a0ba37f7a5818f2655aa06e73
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B851DFB1E006499FDB10CFA8D846AEEBBF9EF08710F18411EF946F3291D6309A41DB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F52D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00F52D4B
                                                                                                                                                                                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00F52D53
                                                                                                                                                                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00F52DE1
                                                                                                                                                                                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00F52E0C
                                                                                                                                                                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00F52E61
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c8a663c2390f4e43e973773d04606ebb373973cc707460d5bfb0aeef2f00cc0f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aa77299c459bc567a4c195cc1a1f228f1b5d5abc269d3407529d1dcd09fce808
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8a663c2390f4e43e973773d04606ebb373973cc707460d5bfb0aeef2f00cc0f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9041E834E002089BCF10DF68CC45A9EBBB5BF46326F148255EE146B352D735DA09EBD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB10B8 Relevance: 10.6, APIs: 7, Instructions: 110networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FB304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00FB307A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FB304E: _wcslen.LIBCMT ref: 00FB309B
                                                                                                                                                                                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00FB1112
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB1121
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB11C9
                                                                                                                                                                                                                                                                                                                                                                                                                  • closesocket.WSOCK32(00000000), ref: 00FB11F9
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2a0ef10c9c87fd122812cc3daeea518ef75f3952ad7f2137a419058c82276be4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b5c976218307d2e1381e8cb5b95845b53b58bca90738b4a8aba6aaf5840bd138
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a0ef10c9c87fd122812cc3daeea518ef75f3952ad7f2137a419058c82276be4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D41D036600208AFDB109F29CC95BEABBA9FF45364F148059F909AB291C774AD41DFE0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F9CF22,?), ref: 00F9DDFD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F9CF22,?), ref: 00F9DE16
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00F9CF45
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00F9CF7F
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F9D005
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F9D01B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHFileOperationW.SHELL32(?), ref: 00F9D061
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 44f0a99d364e1bc74ef17fc3219208d88c95d082609533be5bf813fa61762c59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 798038c7c8da9977500c7a0a1551f0061b0ee4cc95e207464b4c97a01ba858f4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44f0a99d364e1bc74ef17fc3219208d88c95d082609533be5bf813fa61762c59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F415871D051185FEF12EBA4DD81EDDB7B8AF04384F1000E6E509E7141EA74A688DB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC2DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00FC2E1C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC2E4F
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC2E84
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00FC2EB6
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00FC2EE0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC2EF1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FC2F0B
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a6bac163865a9f5be888c63df0f3e06919d170a28ccf99a38b944aaf13c2a55c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8cffeba59296894baebce81cd110e9f7d85ad5971e7da97e64dee41f5b893d1d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6bac163865a9f5be888c63df0f3e06919d170a28ccf99a38b944aaf13c2a55c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D311931A04156AFDB61DF58DE86FA537E1FB4A720F150168F9449F2A1CB72EC40EB41
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F97726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F97769
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F9778F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00F97792
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00F977B0
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00F977B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00F977DE
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00F977EC
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8a4d6ec7fc0898920d21ff193011350b4a00b9201341453abbc0d5baf2ca4680
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cc796317202ed4ff2e8db7fd06cc56a432131a937b43d5ef1d38b84e603ce071
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a4d6ec7fc0898920d21ff193011350b4a00b9201341453abbc0d5baf2ca4680
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F21C476A04319AFEF10EFE9CC89DBB77ACEB093647048025F908DB150D670DC45A7A1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F977FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F97842
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F97868
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 00F9786B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32 ref: 00F9788C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32 ref: 00F97895
                                                                                                                                                                                                                                                                                                                                                                                                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00F978AF
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(?), ref: 00F978BD
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 98fd1e2091a6fe3416edba217e96d4f472ae7ff51ba38aaf30fad5bbd2c568fa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 897c6a86ecf36a18a5b75055c2d706635aae71ff2ecb935f3ba1f0e7d60c4c9d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98fd1e2091a6fe3416edba217e96d4f472ae7ff51ba38aaf30fad5bbd2c568fa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4217731A14308AFEF10EFA8DC89DAA77ECFB097607148125F915CB1A1D674DC41DB64
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(0000000C), ref: 00FA04F2
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00FA052E
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a48ff1ec74a7bdbbc197a68f0ee333138bf94b1f32c0cb059dbcc114a097e150
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f21d93a65fe0dc82b1eb36043876e90b48503e1c300d1c159a3db5e3d67f4d1e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a48ff1ec74a7bdbbc197a68f0ee333138bf94b1f32c0cb059dbcc114a097e150
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 782191B5D003059FDB208F29EC05A9A7BB4AF46760F244A18E8A1D31E0DB709940EF60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6), ref: 00FA05C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00FA0601
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 42503efe5c6855636095ae7789e8034aad8362f63c81a9c2e836c23228e6679d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: df54424ff4cd0ed0065d456441b41f135855c0deb3ebef8f1fe7c4f48069cf96
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42503efe5c6855636095ae7789e8034aad8362f63c81a9c2e836c23228e6679d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD2183B59003059FDB209F69AC05E9A77F4BF96734F200A19F9A1E73E0DB719860EB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F3604C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3600E: GetStockObject.GDI32(00000011), ref: 00F36060
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F3606A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00FC4112
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00FC411F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00FC412A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00FC4139
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00FC4145
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1eb9b64b581c099b15d517f3940fed5a0112f9d636f6facf56293ea6b8c9b88b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 804b78a06ca05723930ba4112e2324c9cd452926e29740b886d145ffcea5604f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1eb9b64b581c099b15d517f3940fed5a0112f9d636f6facf56293ea6b8c9b88b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F1193B254021E7EEF119E64CC86EE77F9DEF087A8F004111FA58A2050C676DC21ABA4
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6D7DF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F6D7A3: _free.LIBCMT ref: 00F6D7CC
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D82D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000), ref: 00F629DE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: GetLastError.KERNEL32(00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000,00000000), ref: 00F629F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D838
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D843
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D897
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D8A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D8AD
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D8B8
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d650bb73ab1b75fc19b729ebf519ff975ed6d7710430088d82a6002db4b53f5d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4115B71B40B04AADA25BFB0CC47FCB7BFCAF40740F440825B299A6092DA69B505B662
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00F9DA74
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00F9DA7B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F9DA91
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00F9DA98
                                                                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F9DADC
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  • %s (%d) : ==> %s: %s %s, xrefs: 00F9DAB9
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 23d4a50ed12875d37a6ab0c047a63d2119aab1a315a33966e0655725abe4506d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: df3d85e96833a06ef0b816e6c9763479e904a114061c589aa2b3f0e94be33267
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23d4a50ed12875d37a6ab0c047a63d2119aab1a315a33966e0655725abe4506d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 280117F650020C7FEB11EBA49E8AEE7766CDB04701F404455F749E2041EA749E856F75
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(010DE158,010DE158), ref: 00FA097B
                                                                                                                                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(010DE138,00000000), ref: 00FA098D
                                                                                                                                                                                                                                                                                                                                                                                                                  • TerminateThread.KERNEL32(?,000001F6), ref: 00FA099B
                                                                                                                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00FA09A9
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00FA09B8
                                                                                                                                                                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(010DE158,000001F6), ref: 00FA09C8
                                                                                                                                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(010DE138), ref: 00FA09CF
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5a2c2b89bcbfcde72cf81ccc04067a09d1a0f38b106c0385c0904bc696f4baed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b13c9852d3bcff426178ce099224bb39a5ff3944b79f181bebb6ce438f9e4f68
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a2c2b89bcbfcde72cf81ccc04067a09d1a0f38b106c0385c0904bc696f4baed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DF01972442A06BBD7415BA4EF8AED6BA39FF06712F402025F206928A0CB759465EFD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB1C60 Relevance: 9.3, APIs: 6, Instructions: 298networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00FB1DC0
                                                                                                                                                                                                                                                                                                                                                                                                                  • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00FB1DE1
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB1DF2
                                                                                                                                                                                                                                                                                                                                                                                                                  • htons.WSOCK32(?,?,?,?,?), ref: 00FB1EDB
                                                                                                                                                                                                                                                                                                                                                                                                                  • inet_ntoa.WSOCK32(?), ref: 00FB1E8C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F939E8: _strlen.LIBCMT ref: 00F939F2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FB3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00FAEC0C), ref: 00FB3240
                                                                                                                                                                                                                                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00FB1F35
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ec8e565645e6b9df7f2739a3883a9ddfd32cd49c124e5670c0ec0d0866b2b987
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 75f63dfed29ad946df787cf7d629e76ea629bcf43f2d3457aa5920e483de965f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec8e565645e6b9df7f2739a3883a9ddfd32cd49c124e5670c0ec0d0866b2b987
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23B1F031604300AFC320DF25C8A5F6A7BA5BF84328F94854CF55A4B2E2CB71ED46DB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F35D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00F35D30
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F35D71
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00F35D99
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00F35ED7
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F35EF8
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 69886b21d9eb3343aab4e6884466c18856ac9cdef58e31bb6452c2d0665d696a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0fcf1b24f651401454c33e10509d9f3dc5aa27d8b27c127de2a66b2f337702f8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69886b21d9eb3343aab4e6884466c18856ac9cdef58e31bb6452c2d0665d696a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DB17A35A0074ADBDB10CFA9C5807EEB7F1FF48320F14841AE8A9D7250DB34AA91EB55
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F601B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 00F600BA
                                                                                                                                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F600D6
                                                                                                                                                                                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 00F600ED
                                                                                                                                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F6010B
                                                                                                                                                                                                                                                                                                                                                                                                                  • __allrem.LIBCMT ref: 00F60122
                                                                                                                                                                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F60140
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 58678b1a9af3c042052dfda87c743ecbaf68b50661eb5899ee5a7509716764ac
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0581F672A00706ABE7249F78CC41B6B73E9AF42334F24463AF951D7681EB74D948B790
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F661FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00F582D9,00F582D9,?,?,?,00F6644F,00000001,00000001,8BE85006), ref: 00F66258
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00F6644F,00000001,00000001,8BE85006,?,?,?), ref: 00F662DE
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00F663D8
                                                                                                                                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F663E5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F63820: RtlAllocateHeap.NTDLL(00000000,?,01001444,?,00F4FDF5,?,?,00F3A976,00000010,01001440,00F313FC,?,00F313C6,?,00F31129), ref: 00F63852
                                                                                                                                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F663EE
                                                                                                                                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F66413
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f6a5a3dfacb4b755b3fbdcac2cea45d04834f8cc7e21b20d569e6b5817b809f9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 661cffd7ce330cc872c56ed4ce8c86223a28083d6fdd07e81600f501186a2267
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6a5a3dfacb4b755b3fbdcac2cea45d04834f8cc7e21b20d569e6b5817b809f9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE51C372A00216ABDF258F64DD82EBF77A9EF44760F15462AFC05D7240EB34DC44E6A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBBBDB Relevance: 9.2, APIs: 6, Instructions: 191registryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00FBB6AE,?,?), ref: 00FBC9B5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBC9F1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBCA68
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBCA9E
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FBBCCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00FBBD25
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00FBBD6A
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00FBBD99
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00FBBDF3
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00FBBDFF
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: beb66cf12d2f6a8cb8d1b2157dcb0082bc9500c3d7200f1aaee19bd9543c0710
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7d869a2b9a01da0c2bd4e7deedfe650e886c982b2a96a3cd6fa4d36ca040e6bd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: beb66cf12d2f6a8cb8d1b2157dcb0082bc9500c3d7200f1aaee19bd9543c0710
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E381BC71608241AFC714DF25C881E6ABBE5FF84318F14895CF4998B2A2CB75ED05EF92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(00000035), ref: 00F8F7B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000001), ref: 00F8F860
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantCopy.OLEAUT32(00F8FA64,00000000), ref: 00F8F889
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(00F8FA64), ref: 00F8F8AD
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantCopy.OLEAUT32(00F8FA64,00000000), ref: 00F8F8B1
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00F8F8BB
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dc0904f89f9fc7def3637492a3f63401569cc7869e5df6da7fea2ccaa34b40fc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: db98c6b59cd22b95452b3a137c449cc956cb3b4e92d049a2c02fd263c1ece836
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc0904f89f9fc7def3637492a3f63401569cc7869e5df6da7fea2ccaa34b40fc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D751D932A00310BEDF14BF65DC96BA9B3A4EF45320F249466E905DF291DB748C48E7A6
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA910C Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 383COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F37620: _wcslen.LIBCMT ref: 00F37625
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetOpenFileNameW.COMDLG32(00000058), ref: 00FA94E5
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA9506
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA952D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSaveFileNameW.COMDLG32(00000058), ref: 00FA9585
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b6b0753878b16ce62702c6fe9c3b1ad88cc9c895f0a988f62620137fe3a269c2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fb3f2075051f50f42c67a6834994d7e0d2bb76a5c31450503cbe2922ea8c72be
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6b0753878b16ce62702c6fe9c3b1ad88cc9c895f0a988f62620137fe3a269c2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4EE1A4719083409FC724DF24C881B6AB7E4BF85324F08856DF8899B2A2DB75ED05DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • BeginPaint.USER32(?,?,?), ref: 00F49241
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F492A5
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00F492C2
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00F492D3
                                                                                                                                                                                                                                                                                                                                                                                                                  • EndPaint.USER32(?,?,?,?,?), ref: 00F49321
                                                                                                                                                                                                                                                                                                                                                                                                                  • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00F871EA
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49339: BeginPath.GDI32(00000000), ref: 00F49357
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0c246fef1cc3a881da84d4e74ebeea32ddd29bca5d46d24695972a2acfcb03e3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 545b6b04968487f833eca11160505099abafa373a5eea883581d5b3943a866c9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c246fef1cc3a881da84d4e74ebeea32ddd29bca5d46d24695972a2acfcb03e3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B419131608301AFD721EF24CC89FBB7BA8EF46320F140269F998872E1C7759945EB61
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 00FA080C
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00FA0847
                                                                                                                                                                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 00FA0863
                                                                                                                                                                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00FA08DC
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00FA08F3
                                                                                                                                                                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 00FA0921
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fe479a64c8eb226d04915b008233aa991298a5370fa0fea5f6fa2ca562c83da0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 98d948fc84e3f77e3259e5ac559735b81e95e7d384df232913599d448724e8d6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe479a64c8eb226d04915b008233aa991298a5370fa0fea5f6fa2ca562c83da0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7417C71900209EFDF149F54DC85AAAB7B8FF05310F1440A9ED049B297DB34DE65EBA4
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC81DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00F8F3AB,00000000,?,?,00000000,?,00F8682C,00000004,00000000,00000000), ref: 00FC824C
                                                                                                                                                                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00FC8272
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00FC82D1
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00FC82E5
                                                                                                                                                                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00FC830B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00FC832F
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9f2bfdf7c161bbfc78181579a81a0680b54aad369af3a07a06f4faaf45f96cbc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ce1ed3d66f1645423ede8ba1bd3d08d3c20f4774d7f754127d66d38f2df23064
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f2bfdf7c161bbfc78181579a81a0680b54aad369af3a07a06f4faaf45f96cbc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E341B934A01645EFDB22CF15CA8AFE47BE0FB06764F18516DE5484F262CB32A842EF50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F94C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00F94C95
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00F94CB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00F94CEA
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F94D08
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00F94D10
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcsstr.LIBVCRUNTIME ref: 00F94D1A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a36be76418fe49594c076127dca4ab5b9b765e27402489c8c2ac1db20a7bb7ee
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ca75e8ab7f81fc78c8bc3ce2b6c9a834c93541015d93d3956fabb2b3480534a4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a36be76418fe49594c076127dca4ab5b9b765e27402489c8c2ac1db20a7bb7ee
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4212936A042047BFF155B35ED0AE7B7F9CDF55760F10402AF809CB191EA65EC01B6A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA581E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336comCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F33AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F33A97,?,?,00F32E7F,?,?,?,00000000), ref: 00F33AC2
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FA587B
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00FA5995
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00FCFCF8,00000000,00000001,00FCFB68,?), ref: 00FA59AE
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoUninitialize.OLE32 ref: 00FA59CC
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 696904c6f9f25b335417546040b45a6984a56e7b00d98044bad99af8be55b215
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 398e7affa00d16a19d5dc451be9adb73797cd8db24a4da124c3b4d8a889c699c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 696904c6f9f25b335417546040b45a6984a56e7b00d98044bad99af8be55b215
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FD166B5A047019FC714DF25C880A2ABBE5FF8AB20F14885DF8899B361D735EC45DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F90FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F90FCA
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F90FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F90FD6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F90FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F90FE5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F90FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F90FEC
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F90FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F91002
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?,00000000,00F91335), ref: 00F917AE
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00F917BA
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00F917C1
                                                                                                                                                                                                                                                                                                                                                                                                                  • CopySid.ADVAPI32(00000000,00000000,?), ref: 00F917DA
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00F91335), ref: 00F917EE
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F917F5
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: df23123833eaaf32221ddbd2587828e9b75b719c07658df5561bf436fab36b5e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2d5236ad9d3c61401fbf0c4ffd48a6434aeefe81b675b53bc36e4f5c3c6a62e0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df23123833eaaf32221ddbd2587828e9b75b719c07658df5561bf436fab36b5e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7911AC3290020AFFEF119FA5CD4AFAF7BA9FB41365F144028F44597221C739A940EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F914CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00F914FF
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00F91506
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00F91515
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000004), ref: 00F91520
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F9154F
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyEnvironmentBlock.USERENV(00000000), ref: 00F91563
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fa42eaaf1faaeb196f894ccd1dafbe2b027d180b4e63cc8b23bd98b57a74b9d6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b9444e9c2cc4f2321ac5cd28b7d10830b69c4d2d6b8b850e792eac43d4afa2b1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa42eaaf1faaeb196f894ccd1dafbe2b027d180b4e63cc8b23bd98b57a74b9d6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5111A7250024EABEF12CF98DE49FDA7BA9FF49754F054025FA05A2060C3768E61AB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F53382 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00F53379,00F52FE5), ref: 00F53390
                                                                                                                                                                                                                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F5339E
                                                                                                                                                                                                                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F533B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00F53379,00F52FE5), ref: 00F53409
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0c3c7c39c297814cfd10b2e4327c511d60e4356a88d768564804c1040825b960
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8bfb04a77b69eb68bb435842096da64f7d912c9ac7fbddf3628a0db9fb5e17e4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c3c7c39c297814cfd10b2e4327c511d60e4356a88d768564804c1040825b960
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B301B533A09329AEE615277C7D86A663E58DF053FB720022DFE10851F1EF554D0AB588
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F62D74 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00F65686,00F73CD6,?,00000000,?,00F65B6A,?,?,?,?,?,00F5E6D1,?,00FF8A48), ref: 00F62D78
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62DAB
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62DD3
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,00F5E6D1,?,00FF8A48,00000010,00F34F4A,?,?,00000000,00F73CD6), ref: 00F62DE0
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,00F5E6D1,?,00FF8A48,00000010,00F34F4A,?,?,00000000,00F73CD6), ref: 00F62DEC
                                                                                                                                                                                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 00F62DF2
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 29c14df24efc6988d67913e1412dc27dbce23d842f88620da8bffbf7be993608
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0450a4dc0566e9defa97b2e03db9d944f721e227956adf8889668de538f9fe6b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29c14df24efc6988d67913e1412dc27dbce23d842f88620da8bffbf7be993608
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43F0C832E05E1527C3923739BD16F6E356DAFC27B1F250519F828931D6EF28880272A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F49693
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: SelectObject.GDI32(?,00000000), ref: 00F496A2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: BeginPath.GDI32(?), ref: 00F496B9
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: SelectObject.GDI32(?,00000000), ref: 00F496E2
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00FC8A4E
                                                                                                                                                                                                                                                                                                                                                                                                                  • LineTo.GDI32(?,00000003,00000000), ref: 00FC8A62
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00FC8A70
                                                                                                                                                                                                                                                                                                                                                                                                                  • LineTo.GDI32(?,00000000,00000003), ref: 00FC8A80
                                                                                                                                                                                                                                                                                                                                                                                                                  • EndPath.GDI32(?), ref: 00FC8A90
                                                                                                                                                                                                                                                                                                                                                                                                                  • StrokePath.GDI32(?), ref: 00FC8AA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 859806fb41bc43775542a447cae9e32963f06a0985b1308590483ff211a33c39
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f850df26a5e1e46ad96711fc6d2467278d67d361d4d15f59cba1a0654929e3b9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 859806fb41bc43775542a447cae9e32963f06a0985b1308590483ff211a33c39
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE11097644010DFFDB129F90DD89EAA7F6CEB08390F048016FA599A1A1C7729D55EFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F951FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00F95218
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F95229
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F95230
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00F95238
                                                                                                                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00F9524F
                                                                                                                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00F95261
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 10969ddb90bba011222401d2698ee146da33a389b64b186db9b49753af71e373
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ca30bc7bf841b3472f23890a763e62255cb6f0aff9eff6ab1ce47ef195f88b6d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10969ddb90bba011222401d2698ee146da33a389b64b186db9b49753af71e373
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB018475E01708BBEF105BA59D4AE4EBF78EB44751F044065FA08A7280D6709800DBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F31BC3 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F31BF4
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00F31BFC
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F31C07
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F31C12
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00F31C1A
                                                                                                                                                                                                                                                                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F31C22
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8557dd3bb649fae0f15c8831364d3896f253883c04ae49aedb72e8a983dba543
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 37f0e19f2c8846bbb16a2589e9272c1a2b61fb8f43e42a892d8f83bb0facc490
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8557dd3bb649fae0f15c8831364d3896f253883c04ae49aedb72e8a983dba543
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A50167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BE15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9EB20 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F9EB30
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F9EB46
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00F9EB55
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F9EB64
                                                                                                                                                                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F9EB6E
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F9EB75
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b277e2c5883c5243653607a608f67d736f93fe945957a66b9aacd779d35e36f8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: faf9e1b729c313b92347992b1ae5ad31732b55c6b5687c1153e93032cd32690c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b277e2c5883c5243653607a608f67d736f93fe945957a66b9aacd779d35e36f8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29F03A72A4015CBBE7215B639E0EEEF3A7CEFCAB15F000158F609D2091D7A15A01EAF5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F87439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?), ref: 00F87452
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 00F87469
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowDC.USER32(?), ref: 00F87475
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetPixel.GDI32(00000000,?,?), ref: 00F87484
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00F87496
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000005), ref: 00F874B0
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fdc51b1a5b9b85c120a332e741da42c015a7274df501ddf10189baba55e7294a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 27493b2d5e0dcc23136e771f804b3beca084c786ee7ca3447c2375cf68788df3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fdc51b1a5b9b85c120a332e741da42c015a7274df501ddf10189baba55e7294a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5018B32400209EFDB11AFA4DE0AFEA7BB5FB04321F640060F919A30A1CB311E42BB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F9187F
                                                                                                                                                                                                                                                                                                                                                                                                                  • UnloadUserProfile.USERENV(?,?), ref: 00F9188B
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F91894
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F9189C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 00F918A5
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F918AC
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3386af84c6987b7fcaf6d9dcdab1511a72c274ea4820873ca94364af8a9bf220
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ef155633d59e276a5af5091e68882571fa7643a5aa355976980335e276226bd7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3386af84c6987b7fcaf6d9dcdab1511a72c274ea4820873ca94364af8a9bf220
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87E0ED36404509BBDB015FA2EE0DD05BF39FF497217108220F22982471CB335420EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9C5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F37620: _wcslen.LIBCMT ref: 00F37625
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F9C6EE
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F9C735
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F9C79C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00F9C7CA
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c8378ef62d533debe1b21892334534d6de20612367238f35db501d3843dbf1b0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f92fb6b11d25ac4061ab42134f943a575ac20d3e6ea1e49fd1e1279f7d25fc3e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8378ef62d533debe1b21892334534d6de20612367238f35db501d3843dbf1b0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D551AF71A043009BEB159F68C985B6B77E4AF89320F040A2DF999D31D1DB74D908EBD3
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBAD64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(0000003C), ref: 00FBAEA3
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F37620: _wcslen.LIBCMT ref: 00F37625
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessId.KERNEL32(00000000), ref: 00FBAF38
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FBAF67
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9d69ef43a6a9bced0c8dec011e9c27b2aac0c89ee34970b99f46bf62aed92562
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b597d7ee9e031a87c508b610e0b9cb2ac27562155db3c3164940831a52da74d6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d69ef43a6a9bced0c8dec011e9c27b2aac0c89ee34970b99f46bf62aed92562
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB716975A00619DFCB14EF66C885A9EBBF0BF08320F048499E856AB352C774ED45EF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F97206
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00F9723C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00F9724D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F972CF
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c25a12262ec1d93283289550d1a49275569e08ecbbe2edb180d77107b3c7426e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4665484bdf1e05574b8ed9f8ddc36e3201d0f12831aaae9a7737fbd19665e359
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c25a12262ec1d93283289550d1a49275569e08ecbbe2edb180d77107b3c7426e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4418D71A24304EFEF15DF54C885B9A7BA9EF44710F2480A9BD099F24AD7B0D944EFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC3D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FC3E35
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsMenu.USER32(?), ref: 00FC3E4A
                                                                                                                                                                                                                                                                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00FC3E92
                                                                                                                                                                                                                                                                                                                                                                                                                  • DrawMenuBar.USER32 ref: 00FC3EA5
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 05cf3527c98872804c4296126f5d708a012feff35e43a020f6f12784f058ea2f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 65ad72ca42df5c3d2570dcd54e174e692ee7b4189882b3e354946ebd2cd6a204
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05cf3527c98872804c4296126f5d708a012feff35e43a020f6f12784f058ea2f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63414A75A0020AAFDB10DF50D985EAABBB5FF493A4F04812DF90597250D734EE49EFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F93CCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00F91E66
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00F91E79
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000189,?,00000000), ref: 00F91EA9
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b25d19dc778d3543b59f62fc9fef7182b7bf318770aa08f8f87811416351cee6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 681a47ab4e912ac555ece12a0ece61b1a8561f213f8148c9a79e6d1e87b69cf1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b25d19dc778d3543b59f62fc9fef7182b7bf318770aa08f8f87811416351cee6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C213B75A00109BFEF14AB64DD46CFFB7B8EF45360F104129F919A71E1DB785909B620
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00FC2F8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00FC2F94
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00FC2FA9
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00FC2FB1
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 42b76188211cc6b2a604ddd3843e2f98b33a1715b1e5e0457e84fabe66f59f34
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e9f04aac8084dd34229418c5134829c92e68112c867c529fdf36150172639551
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42b76188211cc6b2a604ddd3843e2f98b33a1715b1e5e0457e84fabe66f59f34
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0021B872A0020AABEB218E649E82FBB77B9EB58334F10021CFA54D2190C771DC41F7A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F54D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00F54D1E,00F628E9,?,00F54CBE,00F628E9,00FF88B8,0000000C,00F54E15,00F628E9,00000002), ref: 00F54D8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F54DA0
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00F54D1E,00F628E9,?,00F54CBE,00F628E9,00FF88B8,0000000C,00F54E15,00F628E9,00000002,00000000), ref: 00F54DC3
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e51c13866f658861d9d2873d5f43be678a4299c399d35df78ead9835ba72d9f5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 12350ae1fd9e3c98157d1d052510587eafdf9d2dd3ca097311f0c99613e7c113
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e51c13866f658861d9d2873d5f43be678a4299c399d35df78ead9835ba72d9f5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7BF0813090020CABDB109B90DD0AFADBBB5EF04716F040155ED09A3250CF349984EAD1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F34E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F34EDD,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34E9C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F34EAE
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00F34EDD,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34EC0
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 09484a0c0c73b445ebc1331bc67daf69b3493894139f3d7dc65df07184c2418c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b215839a817e5f5c46ce1eb0e0df179e8000a55ac2bb1b41372e909a1b840b8f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09484a0c0c73b445ebc1331bc67daf69b3493894139f3d7dc65df07184c2418c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98E08635E015225BD22117266C1AF6B7554AFC1B72B0D0115FD08D3120DB60ED4260E1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F34E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F73CDE,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34E62
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F34E74
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00F73CDE,?,01001418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F34E87
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f45ff7c2d87c046ac400204faae754e08b896d94e639111b7c70538ed378b6ae
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8728d81927d4be91d1e1972a42dc781d1ec228600e57f7cdcfc1caa6b9e10817
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f45ff7c2d87c046ac400204faae754e08b896d94e639111b7c70538ed378b6ae
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0D0C232D026225786221B26AC0AE8B3A18AF81F3530D0115F908A3114CF20ED42B1D0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FA2C05
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?), ref: 00FA2C87
                                                                                                                                                                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00FA2C9D
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FA2CAE
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00FA2CC0
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dd16dc7e3d0c5c9dec105bee352c6d4edb8e60d4e03516784aed8eec92ad9766
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fe7839791b44103da15b4b153938eea9cc7893b71495bcd9b1093cebd4b19357
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd16dc7e3d0c5c9dec105bee352c6d4edb8e60d4e03516784aed8eec92ad9766
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AFB170B2E00119ABDF24DFA8CC85EDEB77DEF49350F0040A6FA09E7151EA349A449F61
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00FBA427
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00FBA435
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00FBA468
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00FBA63D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ea486416fbdad2b46f374eec08bf5848d1542ae76db1c3ecec7ddd8fc44a0bae
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 44cda2fed4d5aa9d6418713f416045908ba8535090108cd479edfeb33c9e1bde
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea486416fbdad2b46f374eec08bf5848d1542ae76db1c3ecec7ddd8fc44a0bae
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CA1A271604300AFD720DF25C886F2AB7E5AF44724F14881DFA9A9B392DB74EC419F92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6BB27 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00FD3700), ref: 00F6BB91
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,0100121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00F6BC09
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,01001270,000000FF,?,0000003F,00000000,?), ref: 00F6BC36
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6BB7F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000), ref: 00F629DE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: GetLastError.KERNEL32(00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000,00000000), ref: 00F629F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6BD4B
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6f3a2401bb915e195420eb83e39151bdc31cdfd51cd715f34a42b0aab2be8d5f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a5b16efec0e2d595ee514543fe954e31f55a7d296b21eb58791b9b33ca4ab62f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f3a2401bb915e195420eb83e39151bdc31cdfd51cd715f34a42b0aab2be8d5f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E451F972D04209EFCB21DF65DC8196EB7BCEF40360F10026AE554D7291EB349E81EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9E3FB Relevance: 7.7, APIs: 5, Instructions: 167filestringCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F9CF22,?), ref: 00F9DDFD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F9CF22,?), ref: 00F9DE16
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9E199: GetFileAttributesW.KERNEL32(?,00F9CF95), ref: 00F9E19A
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,?), ref: 00F9E473
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 00F9E4AC
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F9E5EB
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F9E603
                                                                                                                                                                                                                                                                                                                                                                                                                  • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00F9E650
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ce8a98f9d61d7508ecd2e7261a222bde4605937f2eb7413e9f0ecb4a19a7a268
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 309144dd3c8ce6b9aa4ac0b8fab9c391aa56b027abedbcf6f232142fd57ce621
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8a98f9d61d7508ecd2e7261a222bde4605937f2eb7413e9f0ecb4a19a7a268
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D5192B24083459BDB24DBA4DC819DF73ECAF84350F00491EF689D3191EF79A588D766
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBB9C9 Relevance: 7.7, APIs: 5, Instructions: 167registryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00FBB6AE,?,?), ref: 00FBC9B5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBC9F1
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBCA68
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FBC998: _wcslen.LIBCMT ref: 00FBCA9E
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00FBBAA5
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00FBBB00
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00FBBB63
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?), ref: 00FBBBA6
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 00FBBBB3
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8803b01100614447e3c23928a40a54c009a41ff2509bc314cc81f8a55ff01e59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d34bfbb8ca028ca833a4bc876bb5b18a722eacdc8eb755b9afc87e43a2bf7cff
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8803b01100614447e3c23928a40a54c009a41ff2509bc314cc81f8a55ff01e59
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D961C031608201AFC314DF15C891E6ABBE9FF84318F14855CF4998B2A2CB75ED45EF92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F98BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00F98BCD
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32 ref: 00F98C3E
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32 ref: 00F98C9D
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00F98D10
                                                                                                                                                                                                                                                                                                                                                                                                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00F98D3B
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 291cb3f6aecedb64109d19e0e41055d8679fbc140f1cd58d27088411cf332c3c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 632c99ed75b9ae2abd439d1b1f1db4e73cf0c7803dc2e67ab8c909231fbeac65
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 291cb3f6aecedb64109d19e0e41055d8679fbc140f1cd58d27088411cf332c3c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE515AB5A00219EFDB14CF68C894EAAB7F8FF89350B158559E909DB350E730E912CF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00FA8BAE
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00FA8BDA
                                                                                                                                                                                                                                                                                                                                                                                                                  • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00FA8C32
                                                                                                                                                                                                                                                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00FA8C57
                                                                                                                                                                                                                                                                                                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00FA8C5F
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4efd909ecc586125e59e37af99d86d57306e84784e2593ef66b273fefc0dbb3a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4caab79c85e38ea0b0c85e20ee5f7ac28c0ef68540cbf162fd9db3403921b898
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4efd909ecc586125e59e37af99d86d57306e84784e2593ef66b273fefc0dbb3a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46515C75A002189FCB14DF65C881E69BBF5FF49364F088058E849AB362CB35ED51EFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB8EE4 Relevance: 7.6, APIs: 5, Instructions: 143libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00FB8F40
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00FB8FD0
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 00FB8FEC
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00FB9032
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00FB9052
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00FA1043,?,75C0E610), ref: 00F4F6E6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00F8FA64,00000000,00000000,?,?,00FA1043,?,75C0E610,?,00F8FA64), ref: 00F4F70D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3d4fa56d8c05933ea2d8d3fca2d224b6fe95fa51da0125bfa52f429a7cfd8ec3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 00bb09037e7ba97529a196c3ebb94a5494ebce70c968f45d73665df09d9dc711
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d4fa56d8c05933ea2d8d3fca2d224b6fe95fa51da0125bfa52f429a7cfd8ec3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27515C35A04205DFCB10EF65C4949ADBBB1FF49364F088098E9099B362DB75ED86EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC6B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00FC6C33
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,?), ref: 00FC6C4A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00FC6C73
                                                                                                                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00FAAB79,00000000,00000000), ref: 00FC6C98
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00FC6CC7
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 312eada402ed8e009ee223a034f6da86f9da9a4dc7c01ee9cb50a097e028ece0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b1af642546ff78b5c768931054fd3d0dde7bff86df1ca3f81b2be8168dad400f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 312eada402ed8e009ee223a034f6da86f9da9a4dc7c01ee9cb50a097e028ece0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC41D635A08105AFD724CF28CE56FA57BA5EB49361F15022CF899E73E1C371ED41EA90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F62051 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8fc6d05bf3c004f0ac263b6d92f9ae5c5b69f05f0e4fd748d9b62e99f74c0aa8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1252ad06e9ae2c6491d5981706a9e4941cca49a26b06d9f260bf5a2816d51164
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fc6d05bf3c004f0ac263b6d92f9ae5c5b69f05f0e4fd748d9b62e99f74c0aa8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A741D232E00604AFCB24DF78CD81A6DB7B5EF89724F154569EA15EB351DB31AD01EB80
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4912D Relevance: 7.6, APIs: 5, Instructions: 121keyboardCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00F49141
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 00F4915E
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000001), ref: 00F49183
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetAsyncKeyState.USER32(00000002), ref: 00F4919D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c6dcd07f1e1abe0ab576f625aa98e7fb1a7a0f484a3a94a1f829852331aceb8c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dd7ffb77db66b8080dd88197b2aca3585f64e64ebf479c2d68b8cb13329303fb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6dcd07f1e1abe0ab576f625aa98e7fb1a7a0f484a3a94a1f829852331aceb8c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21414131A0861AABDF15AF64C848BEEBB74FB45334F244219E829A7290C7746950EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetInputState.USER32 ref: 00FA38CB
                                                                                                                                                                                                                                                                                                                                                                                                                  • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00FA3922
                                                                                                                                                                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00FA394B
                                                                                                                                                                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00FA3955
                                                                                                                                                                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FA3966
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b4976348c6d576d258c91ed9e9b385b00c209ad7212622d5b3d777b492cdc689
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a8222961002ed6795e81dc3d54faa6a617179952d8b0aef25fde84b9affabc81
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4976348c6d576d258c91ed9e9b385b00c209ad7212622d5b3d777b492cdc689
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED31C6B1D04345AFEB36CB34D849BB737A9EB0B314F04455DF49682190E3B9D684EB11
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FACF1A Relevance: 7.6, APIs: 5, Instructions: 93networkfileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00FAC21E,00000000), ref: 00FACF38
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,00000000,?,?), ref: 00FACF6F
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,?,?,00FAC21E,00000000), ref: 00FACFB4
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,00FAC21E,00000000), ref: 00FACFC8
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,00000000,?,?,?,00FAC21E,00000000), ref: 00FACFF2
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 48216fafa002089d3a8130168c1bf124c4132a40c6450ea0f6fe4ee0dc2fcbad
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8134017e5519e02cd549d593034839d111ea2229e5cc164e51dd44a44b78faff
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48216fafa002089d3a8130168c1bf124c4132a40c6450ea0f6fe4ee0dc2fcbad
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A314DB1904209AFDB24DFA5D985AAABBF9EB15351B10442EF51AD3140DB30AD41EBB0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91901 Relevance: 7.6, APIs: 5, Instructions: 93sleepwindowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00F91915
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000001,00000201,00000001), ref: 00F919C1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?), ref: 00F919C9
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000001,00000202,00000000), ref: 00F919DA
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00F919E2
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4ff9ce3a2849a7a1dfb40212bba2fa2d6c0afd8a787cebe00d6c54a6c396d95c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 91777e01488a4ab13e1da44ec4d3b05c9850647347eb4d46697cdd28d6c6d234
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ff9ce3a2849a7a1dfb40212bba2fa2d6c0afd8a787cebe00d6c54a6c396d95c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0331AF72A0021AEFDF14CFA8CE99ADE3BB5FB44325F104225F925A72D1C7709954EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00FC5745
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001074,?,00000001), ref: 00FC579D
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC57AF
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC57BA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00FC5816
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d08518f48227bcd8a6a51f2f097fa1b7e62c46a815d6c6eaf5aecb89fc279cc2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 662825c1f2e1eefa375e51661ef879de8acb5e34820732f110f397586590911d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d08518f48227bcd8a6a51f2f097fa1b7e62c46a815d6c6eaf5aecb89fc279cc2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5215271D046199ADB209FA0CD46FEE7778EF04B24F10425AE9199A180D774AAC5EF50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsWindow.USER32(00000000), ref: 00FB0951
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00FB0968
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00FB09A4
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetPixel.GDI32(00000000,?,00000003), ref: 00FB09B0
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000003), ref: 00FB09E8
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 778064abd396831a90d5bb23594929d17f62b04e904192e692c5fb30a87477b9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 816d347705af43968114199f8e6272177f19166a4d5e35d52153a97914687180
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 778064abd396831a90d5bb23594929d17f62b04e904192e692c5fb30a87477b9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35218175A00204AFD714EF65CD85EAEBBE9EF49750F048068F84A97752CB34AC04EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 00F6CDC6
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F6CDE9
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F63820: RtlAllocateHeap.NTDLL(00000000,?,01001444,?,00F4FDF5,?,?,00F3A976,00000010,01001440,00F313FC,?,00F313C6,?,00F31129), ref: 00F63852
                                                                                                                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00F6CE0F
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6CE22
                                                                                                                                                                                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F6CE31
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ff0a92cf47cfbbb1118f4563c237212df8d3b7fb0ce512589ad8e7aa4685c9b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d07f85d726826827cc7ff66ebb54f9dfb4592d89d96b0c917592762a49e07802
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff0a92cf47cfbbb1118f4563c237212df8d3b7fb0ce512589ad8e7aa4685c9b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A01D472A022157F232116BA6D89D7B797DDED6FA13150129F989C7200EA6A8D01B1F0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F49639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F49693
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00F496A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • BeginPath.GDI32(?), ref: 00F496B9
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00F496E2
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bd08838dc90f2fa06c25a3eef665e6de7be1b2ae4b266160afe7e0b28ecdf777
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1f833d71c485e68d8f4dbe77b5684db6c0cf6727c30a0e4627474b3d0ea8b4bd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd08838dc90f2fa06c25a3eef665e6de7be1b2ae4b266160afe7e0b28ecdf777
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8721A73191A305EFDB229F25ED09BAA3F74BB50325F110215F854971E4D3B5D851EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F95711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a46967d6594a2b53ddfaa819e23b872cc96cb6ad52fc3c68fcc150d61baf5191
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c94f58478b8800250e259a2f2f448be6de9798ea3be1f5ed481c9ad06dc2d624
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a46967d6594a2b53ddfaa819e23b872cc96cb6ad52fc3c68fcc150d61baf5191
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B01DB6264160EBAFA0955509E92FBA735D9B617A5B004024FE045A141F730FF14B3A3
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F62DF8 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00F5F2DE,00F63863,01001444,?,00F4FDF5,?,?,00F3A976,00000010,01001440,00F313FC,?,00F313C6), ref: 00F62DFD
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62E32
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62E59
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00F31129), ref: 00F62E66
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00F31129), ref: 00F62E6F
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f212210b54cb498d265755cfcf7719f25ab6602eac00c18d018b83102d325f66
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b5a1cd081173df500862646f7ca9595da4dcd0538bc4ef0a106afd0f69a09613
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f212210b54cb498d265755cfcf7719f25ab6602eac00c18d018b83102d325f66
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E012836A45E0467C75227357D86E2B366DEFE17B1B250038F425A32D2EF3A8C01B160
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?,?,?,00F9035E), ref: 00F9002B
                                                                                                                                                                                                                                                                                                                                                                                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?,?), ref: 00F90046
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?,?), ref: 00F90054
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?), ref: 00F90064
                                                                                                                                                                                                                                                                                                                                                                                                                  • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F8FF41,80070057,?,?), ref: 00F90070
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8df11c1cdb20887e1529adc35e68a1c4fafd0a3c6bc93f4ea60481277f11266b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1ba4f4742c68d84245f5e6c315cd007b862d43f3d75a33e801c4c8ba48c819f7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8df11c1cdb20887e1529adc35e68a1c4fafd0a3c6bc93f4ea60481277f11266b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B018F72A00208BFEF108F68DD05FAA7AEDEB44761F144124F909D3260DB71DD40ABA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00F9E997
                                                                                                                                                                                                                                                                                                                                                                                                                  • QueryPerformanceFrequency.KERNEL32(?), ref: 00F9E9A5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00F9E9AD
                                                                                                                                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00F9E9B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00F9E9F3
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3379186f8ff7d9c7e46b555e0c5617e71f1af2e083b339d5e5f754311263474e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2641d4df9c4d97a53ed404f92dc43e34f3308e9198874dc92532920ec800d6bb
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3379186f8ff7d9c7e46b555e0c5617e71f1af2e083b339d5e5f754311263474e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0015731C0162DDBDF40EBE6DD5AAEDBB78FB08310F050946E502B2241CB309950ABA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F910F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F91114
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F91120
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F9112F
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F90B9B,?,?,?), ref: 00F91136
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F9114D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c5592ab2a98ba22b2df340d2582a6c2f2775da9b13c23f9375efa234c3561d0b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e7d7f97926d6eb8be0a351c720680409d9906bbc47a077e5f8cf1f53e15e5490
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5592ab2a98ba22b2df340d2582a6c2f2775da9b13c23f9375efa234c3561d0b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C016D75500209BFDB114F65DD4EE6A3B6EFF85360B150424FA49C3360DB31DC41AAA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F90FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F90FCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F90FD6
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F90FE5
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F90FEC
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F91002
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 400786bf12b0b6318772ca0ff069f850d3e347a8b572b9418a274bea4645dab5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f0cf8b190df2e7fd07a609ea1ba6fd70d881e3ae1f76b1278bac349ab3bf2d3f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 400786bf12b0b6318772ca0ff069f850d3e347a8b572b9418a274bea4645dab5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EF06235540305EBDB214FA5DD4EF563B6DFF89761F144424F949C7261CA71DC40DAA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F9102A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F91036
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F91045
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F9104C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F91062
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bb8e2d5f7e0b857f47de851a227f1b86b7c3ab85965eadb9510881d66aa13e4a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b7070b0cbbfcab6e9c0f0112e945abd31922c6ebb920551d9e97fa2ff4f56800
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb8e2d5f7e0b857f47de851a227f1b86b7c3ab85965eadb9510881d66aa13e4a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5F06235540305EBDB215FA5ED4AF563B6DFF89761F140424F949C7261CA72D8409AA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00FA017D,?,00FA32FC,?,00000001,00F72592,?), ref: 00FA0324
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00FA017D,?,00FA32FC,?,00000001,00F72592,?), ref: 00FA0331
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00FA017D,?,00FA32FC,?,00000001,00F72592,?), ref: 00FA033E
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00FA017D,?,00FA32FC,?,00000001,00F72592,?), ref: 00FA034B
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00FA017D,?,00FA32FC,?,00000001,00F72592,?), ref: 00FA0358
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00FA017D,?,00FA32FC,?,00000001,00F72592,?), ref: 00FA0365
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c3ad3fcc27041ec3c8cdd1eff83dc02a0b95e8cdeb02210087b47c7ee1f1b6fc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0aeb2e48c00258c130073634ea7236a5d4cf56cd13b74875ad27b74a8072f579
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3ad3fcc27041ec3c8cdd1eff83dc02a0b95e8cdeb02210087b47c7ee1f1b6fc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3901A2B2800B159FCB309F66E880812F7F9BF613253158A3FD19652931C771A954EF80
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6D73A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D752
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000), ref: 00F629DE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: GetLastError.KERNEL32(00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000,00000000), ref: 00F629F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D764
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D776
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D788
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6D79A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6b16d924ea5049960f3fec5e180d636768039d3bbca1a704d226523bad88477d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: eb0b73c048461cc04f4a29c0db57788a319b222139c097f566e2c5e39e875839
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b16d924ea5049960f3fec5e180d636768039d3bbca1a704d226523bad88477d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEF0FF32F4461CAB8669EB68FAC5C267BFDBF44760B940805F048D7501CB24FC80F6A5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F95C44 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00F95C58
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextW.USER32(00000000,?,00000100), ref: 00F95C6F
                                                                                                                                                                                                                                                                                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 00F95C87
                                                                                                                                                                                                                                                                                                                                                                                                                  • KillTimer.USER32(?,0000040A), ref: 00F95CA3
                                                                                                                                                                                                                                                                                                                                                                                                                  • EndDialog.USER32(?,00000001), ref: 00F95CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c8e3826e29ff6584c379f69feebbe46623a4e50bc539cede09a22386945fcbb2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b95e44192bcd50cf9ea1a4ee57d697b2df386b197944adf3b6e465246d4473a1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8e3826e29ff6584c379f69feebbe46623a4e50bc539cede09a22386945fcbb2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93016770500704ABFF255B20DF4FF9577B8BB00F05F000559E646A15E1D7F45944AB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F622A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F622BE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000), ref: 00F629DE
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F629C8: GetLastError.KERNEL32(00000000,?,00F6D7D1,00000000,00000000,00000000,00000000,?,00F6D7F8,00000000,00000007,00000000,?,00F6DBF5,00000000,00000000), ref: 00F629F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F622D0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F622E3
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F622F4
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F62305
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cc6843ed631d07c22d3fad7460ac43cf1fbf492cd29d226e112c0598228b45c2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aa2bbad4af0e0cb53714d3c12d2c0ca7e376937310798e4d4d601d83c32f7215
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc6843ed631d07c22d3fad7460ac43cf1fbf492cd29d226e112c0598228b45c2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EF030B09009248B8767AF58FC019283BB4BB187E1F00051AF450D2269C73E4411FBE5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F495C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • EndPath.GDI32(?), ref: 00F495D4
                                                                                                                                                                                                                                                                                                                                                                                                                  • StrokeAndFillPath.GDI32(?,?,00F871F7,00000000,?,?,?), ref: 00F495F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00F49603
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00F49616
                                                                                                                                                                                                                                                                                                                                                                                                                  • StrokePath.GDI32(?), ref: 00F49631
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1ec6558f40112519879b1ba33c22776beb45c59ed82277d4679148dc12c2ad04
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: eb9a115fe45329663b6298e43f8977f86d12dd524ffa7f819700acd6cff3f37d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ec6558f40112519879b1ba33c22776beb45c59ed82277d4679148dc12c2ad04
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9AF03C31509208EBDB275F65EE0DB653F61BB00332F148214F9A9960F4CB7A8991EF60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F60F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a9bd80f194cdf2b3e74ff5058b8fd7d63cf37508d7549c21de56218fbab196b8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d204e4756f066e60072195444a80b3e5e6d37ab56c804836dc9940ecab1d33d3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9bd80f194cdf2b3e74ff5058b8fd7d63cf37508d7549c21de56218fbab196b8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0D10132D00206DADB289F68C856BFEB7B5FF06320F2C4159E906AB751D7359D80EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB7B7E Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 230COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F50242: EnterCriticalSection.KERNEL32(0100070C,01001884,?,?,00F4198B,01002518,?,?,?,00F312F9,00000000), ref: 00F5024D
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F50242: LeaveCriticalSection.KERNEL32(0100070C,?,00F4198B,01002518,?,?,?,00F312F9,00000000), ref: 00F5028A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F500A3: __onexit.LIBCMT ref: 00F500A9
                                                                                                                                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00FB7BFB
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F501F8: EnterCriticalSection.KERNEL32(0100070C,?,?,00F48747,01002514), ref: 00F50202
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F501F8: LeaveCriticalSection.KERNEL32(0100070C,?,00F48747,01002514), ref: 00F50235
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c61219113126a5638698d99a897cef39689974c803940c7ff2bf3156377ca0bf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e73325fed7b5483a56d0b0da1bdcd043bbe22ac84a628c038eafd21bdc741555
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c61219113126a5638698d99a897cef39689974c803940c7ff2bf3156377ca0bf
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70919A70A04209AFCB14EF56D891DEDBBB1BF88350F148049F846AB292DB75AE41EF51
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F92716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F921D0,?,?,00000034,00000800,?,00000034), ref: 00F9B42D
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00F92760
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F921FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00F9B3F8
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00F9B355
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00F92194,00000034,?,?,00001004,00000000,00000000), ref: 00F9B365
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00F92194,00000034,?,?,00001004,00000000,00000000), ref: 00F9B37B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F927CD
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F9281A
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 471358b870f5b91ec497d7d39208cd6a4eac61b849f9089f32b277c66bd99a40
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d6cb8534c5b52ab299347c7e4ae2775eb6a40896fa800300e7069d01af4bdd28
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 471358b870f5b91ec497d7d39208cd6a4eac61b849f9089f32b277c66bd99a40
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A412A72900218BEEF10DFA4DD46EEEBBB8AF09310F004095EA55B7181DA716E45EBA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6172E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00F61769
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F61834
                                                                                                                                                                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00F6183E
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2506810119-4010620828
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fcc38755f7fd9b6d9e25132d88d093264a89839740ed0bfdd77be7e4793b9189
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2ababf98555e20861330bff6d60c9abdf0ad3c89aefdc6c4f64c2c242e78ecd5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcc38755f7fd9b6d9e25132d88d093264a89839740ed0bfdd77be7e4793b9189
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D3161B1E00218ABDB22DFA99C85D9EBBFCFB85360F184166F844D7201D6748E41EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9C27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00F9C306
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(?,00000007,00000000), ref: 00F9C34C
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,01001990,010E4B98), ref: 00F9C395
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0111b8111ad49048d5168acf27f0eec5cd3a84b4b2dc97f05815a2f8b041e251
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 98856ed0535e1aedee5d71d9d1d3a9417583b43fa1ab72c7d6088b911a5b2fe2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0111b8111ad49048d5168acf27f0eec5cd3a84b4b2dc97f05815a2f8b041e251
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F041C2716043019FEB24DF29DC85F1ABBE8AF85320F048A1DF9A5972D1D774E904EB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC4416 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00FCCC08,00000000,?,?,?,?), ref: 00FC44AA
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32 ref: 00FC44C7
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FC44D7
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: acc1eae5f9c6d8bf5037d5c9454dc52b60b8bacaa976c3aa3b820213c246d7d3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bdd477db0b81f1f7be56d1f76947a04e94195ba3dacb5a677eb34868614cd78d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: acc1eae5f9c6d8bf5037d5c9454dc52b60b8bacaa976c3aa3b820213c246d7d3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D31AD31610606AFDB248E38DD46FEA7BA9EB08334F244719F979931D0D775EC50AB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00FB335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00FB3077,?,?), ref: 00FB3378
                                                                                                                                                                                                                                                                                                                                                                                                                  • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00FB307A
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FB309B
                                                                                                                                                                                                                                                                                                                                                                                                                  • htons.WSOCK32(00000000,?,?,00000000), ref: 00FB3106
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b23d50ddf5c4c8cdfcbfd5a5d8f9064b7b49653351afdb0dfff87beb7df71f92
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9ece32de23d5a81e73eb6c4c169683459d7e9b15d8c8b0a07fbf64f13db7eb73
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b23d50ddf5c4c8cdfcbfd5a5d8f9064b7b49653351afdb0dfff87beb7df71f92
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF313739A042059FCB10DF2EC881EEA77E0EF14368F248059E8158B392DB71EE41EF60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC4653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00FC4705
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00FC4713
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00FC471A
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7e8dbee1562d04f99203d0fafdbfacae28cc0133b424c25ff92261d75f59a344
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ae979b70d3dedf99ecba5009ce0ce6dc257f40f0041dcf2e904e49806b5dcff0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e8dbee1562d04f99203d0fafdbfacae28cc0133b424c25ff92261d75f59a344
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D215CB5600209AFDB11DF64DD92EA737ADEF4A3A4B040059FA049B391CB35FC51EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F995AD Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 85COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8555d7142a6d7ac2b89ed615b21d59b576c8bd3f2888c2e11a7de4d5383d6654
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c2b1b17625fdeac2479356f4cd9e8bcfbc23544161a30db31a5ea0e90bb62fb9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8555d7142a6d7ac2b89ed615b21d59b576c8bd3f2888c2e11a7de4d5383d6654
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C321387250861166EB31AA2CDC03FB7B7E89F91320F16402EF94997041EBD6AD49F2D6
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00FC3840
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00FC3850
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00FC3876
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9561a9ed0049f7a48ba6b2bd64ea106a0d96a0e76e3ddb9335a640f88bf5d2ff
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b52232ce7acc536ade3ec814c8c1c352961c27a2f302b7a83b3040033f1bbfe0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9561a9ed0049f7a48ba6b2bd64ea106a0d96a0e76e3ddb9335a640f88bf5d2ff
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2621C572A041197BEF119F54CD42FBB376EEF897A0F118118F9049B190C675DC51A790
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA49F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00FA4A08
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00FA4A5C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,?,?,00FCCC08), ref: 00FA4AD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 84558129202e02ab0e26badab146f832dcef51c96398ccdf932705a516cd1dd1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4844c1a13d1e979ef8e6185e9c9014be76801a3aa8b03f8289a150f1e822ca1d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84558129202e02ab0e26badab146f832dcef51c96398ccdf932705a516cd1dd1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5831D271A00109AFDB10DF54C981EAA7BF8EF49318F1480A9F908DB352DBB5ED45DBA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00FC424F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00FC4264
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00FC4271
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cfabb8449f954dcfce33adc1689eeace506d79970e5adde5e2b7e3f883490e14
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 465048f63100eb6ea05ee6fa38592b6844e21c97ee6df602f2d24b839a014652
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfabb8449f954dcfce33adc1689eeace506d79970e5adde5e2b7e3f883490e14
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19110632640209BEEF215F28CC07FEB3BACEF85B64F010118FA55E2090D271EC51AB10
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F92F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F36B57: _wcslen.LIBCMT ref: 00F36B6A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F92DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F92DC5
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F92DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F92DD6
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F92DA7: GetCurrentThreadId.KERNEL32 ref: 00F92DDD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F92DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F92DE4
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFocus.USER32 ref: 00F92F78
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F92DEE: GetParent.USER32(00000000), ref: 00F92DF9
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00F92FC3
                                                                                                                                                                                                                                                                                                                                                                                                                  • EnumChildWindows.USER32(?,00F9303B), ref: 00F92FEB
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6a68c89fbe8085b73ebcd8546853e00f036716ad7b9169833f39c134f5de0ce7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 200ea05bc1e4f80ba94e9b98c556b933312176d9683331a85250cf9e566f82d0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a68c89fbe8085b73ebcd8546853e00f036716ad7b9169833f39c134f5de0ce7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A311E4716002096BDF407F708D8AEED776AAF84314F048075FA0DDB252DE349909BB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00FC58C1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00FC58EE
                                                                                                                                                                                                                                                                                                                                                                                                                  • DrawMenuBar.USER32(?), ref: 00FC58FD
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ad800e16a65c848ad3f6a31acc9d2c00e528e642525186b0ec61ebd0fd4d5bb6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 971f4f2c90204e3e6f23c67cea8fdbb261c62d5bc6b4651536b7eb0faea4cce1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad800e16a65c848ad3f6a31acc9d2c00e528e642525186b0ec61ebd0fd4d5bb6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B018B32900219EEDB209F11DD46FAEBBB8FB45761F048099E848D6151DB309A88FF20
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 91c007c858b434a6ad71b7f3f90c97feccc5e6965d9e7f80df4d1452e8f26b85
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 37154d77f25197aa91f4d7bfe25a4a65b797ddb586c17450675e663f5d632791
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91c007c858b434a6ad71b7f3f90c97feccc5e6965d9e7f80df4d1452e8f26b85
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FC11B75A0021AEFEB14CF94C894EAEB7B5FF48714F208598E505EB251DB31DD81EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8857914b4d620a1472af78a13fe489071e96703bbafedfc7d207db3cb1998334
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b39d47d2208e0af4756d68bfe410d5ffb296b27c51d78dcfbf7e9ea675f45a70
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8857914b4d620a1472af78a13fe489071e96703bbafedfc7d207db3cb1998334
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94A16D756043009FCB14EF29C985A5AB7E5FF88720F088859F9499B362DB34ED01EF91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F90436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00FCFC08,?), ref: 00F905F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00FCFC08,?), ref: 00F90608
                                                                                                                                                                                                                                                                                                                                                                                                                  • CLSIDFromProgID.OLE32(?,?,00000000,00FCCC40,000000FF,?,00000000,00000800,00000000,?,00FCFC08,?), ref: 00F9062D
                                                                                                                                                                                                                                                                                                                                                                                                                  • _memcmp.LIBVCRUNTIME ref: 00F9064E
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 92ae87863a495b29ef2d9bcff8561358fd805c13720f4551e46a7b9b59f57a4f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3be96a316969fd47948b5f153b0480f2a9617160e179b2de2673cb55748e5ac8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92ae87863a495b29ef2d9bcff8561358fd805c13720f4551e46a7b9b59f57a4f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B810671A00109EFDF04DF94C984EEEB7B9FF89315F244598E506AB250DB71AE06DB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FBA67C Relevance: 6.2, APIs: 4, Instructions: 175processCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00FBA6AC
                                                                                                                                                                                                                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,?), ref: 00FBA6BA
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 00FBA79C
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00FBA7AB
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00F73303,?), ref: 00F4CE8A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3decf4e8e3b205cdcc82dce9f532b0f3b6e9962dd77e58e42c89df5478029280
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e952985726c4c6164ac70ecce323637fe16b94d1d9661649b42a205d0cfb413f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3decf4e8e3b205cdcc82dce9f532b0f3b6e9962dd77e58e42c89df5478029280
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55514A71508300AFD710EF25CC86A6BBBE8FF89764F40891DF98997261EB74D904DB92
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F71391 Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b7d885d74576e7c87532c5bfee6d449198df4f164778031b69f85ba567ab9996
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 05494fe114e7ecd7b13d5a6bf4f518c400be1d326ba01e6b5c6a21c075082c78
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7d885d74576e7c87532c5bfee6d449198df4f164778031b69f85ba567ab9996
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3414B72A001006BDB25EFBC9C46AAE3AA5FF42770F14C267F91DD3191E678484D7263
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC6278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00FC62E2
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00FC6315
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00FC6382
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1b5d700d0dfe11628755d150dddcad2f4e95233dacf4b28a84ffc6fe2c5469d2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bf83720ceec6ca5109f84a9acb3aaa16d93d31e14db46e4f098114a5e3102ec3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b5d700d0dfe11628755d150dddcad2f4e95233dacf4b28a84ffc6fe2c5469d2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35512974A0424AAFCF24DF54DA82EAE7BB5EB85360F10815DF855D7290D730ED41EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB1AD6 Relevance: 6.1, APIs: 4, Instructions: 138networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011), ref: 00FB1AFD
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB1B0B
                                                                                                                                                                                                                                                                                                                                                                                                                  • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00FB1B8A
                                                                                                                                                                                                                                                                                                                                                                                                                  • WSAGetLastError.WSOCK32 ref: 00FB1B94
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e88621152209e5ef7fa380af039d79caa9ebe4d1dc63a2c984a63505037064aa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f063d57c0ef76b605c32fc25a43d85fd37c5de1175585ab9d38cb90267ea0ecc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e88621152209e5ef7fa380af039d79caa9ebe4d1dc63a2c984a63505037064aa
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B41D175600200AFE720AF20CC86F6A7BE5AB84728F54C44CFA1A9F7D2D776DD419B90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5de933fc2a69f588e7fa42309e840968b18bd5b12c63ab7d53002d7bd5fb337b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6c3c73fe338719740ba25122972b498e1e4f57cf0753cbb5d6e54ddd09d620c5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5de933fc2a69f588e7fa42309e840968b18bd5b12c63ab7d53002d7bd5fb337b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD415C71A00314BFD724EF38CC41BAA7BE9EB84720F10852EF546DB282D775A941A790
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00FA5783
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00FA57A9
                                                                                                                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00FA57CE
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00FA57FA
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 988a562bf4042f3a6119665eaa9470cb38901522df2337f4ac197d54f6682959
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c4d1088c09934395c5e1108c997bcbc14161476c46c18b3feec1b7880874e4b1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 988a562bf4042f3a6119665eaa9470cb38901522df2337f4ac197d54f6682959
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA415079600614DFCF14EF15C545A5DBBE1EF49720F188488E94AAB365CB38FD00EB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6D8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00F56D71,00000000,00000000,00F582D9,?,00F582D9,?,00000001,00F56D71,8BE85006,00000001,00F582D9,00F582D9), ref: 00F6D910
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F6D999
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00F6D9AB
                                                                                                                                                                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F6D9B4
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F63820: RtlAllocateHeap.NTDLL(00000000,?,01001444,?,00F4FDF5,?,?,00F3A976,00000010,01001440,00F313FC,?,00F313C6,?,00F31129), ref: 00F63852
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 610af1e008eadf5144d6936ea13cbe5f498beccbecf8cccf8deb520ec823ef2e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 343bbbc2808ad964d4fa05fa913f449d35f20d184cc2418da1e1659ab40003a4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 610af1e008eadf5144d6936ea13cbe5f498beccbecf8cccf8deb520ec823ef2e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF31AD72E0020AABDB249F65DC45EAF7BA5EB41760B054168FC08D7250EB39DD54EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC52C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00FC5352
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC5375
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FC5382
                                                                                                                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00FC53A8
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f330c96ec31f7fac195330eb1ec34079432ea5c990695ea256f4224f2cfc17e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2f15c45d5230e1203f65f9ccce4913eeb304e6964b833b42361a5eee89fab928
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f330c96ec31f7fac195330eb1ec34079432ea5c990695ea256f4224f2cfc17e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4831F431F55A4AAFEB349A54CE07FE83763AB04BA0F584109FA54861D1C7B5B9C0BB41
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9AB9C Relevance: 6.1, APIs: 4, Instructions: 103keyboardwindowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 00F9ABF1
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetKeyboardState.USER32(00000080,?,00008000), ref: 00F9AC0D
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000101,00000000), ref: 00F9AC74
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 00F9ACC6
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ac7fb27e375aa883a92a70b4d75d9b030f516400b4c1bf5d635df5d49db35795
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 705542e6f9446113ed645ee0f96bda573398a2957e515c6cd753d3285f1a216b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac7fb27e375aa883a92a70b4d75d9b030f516400b4c1bf5d635df5d49db35795
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE310530E04718AFFF35CB658C05BFA7BA5AB89321F04471AE4859A1D1C379C985B7E2
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC7674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ClientToScreen.USER32(?,?), ref: 00FC769A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00FC7710
                                                                                                                                                                                                                                                                                                                                                                                                                  • PtInRect.USER32(?,?,00FC8B89), ref: 00FC7720
                                                                                                                                                                                                                                                                                                                                                                                                                  • MessageBeep.USER32(00000000), ref: 00FC778C
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 57f80ab76b4b377d76344c180b6a67b8dfdbd0873dc88378e98086c01b204c0e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2706c54389c97afd460ffaaf5805b87cd334c78682ba863188766b506fab85a8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57f80ab76b4b377d76344c180b6a67b8dfdbd0873dc88378e98086c01b204c0e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53419F34A0531AAFCB11EF68CA86FA9BBF4BF48310F1440ACE4549B251C335E941EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00FC16EB
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F93A57
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: GetCurrentThreadId.KERNEL32 ref: 00F93A5E
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F925B3), ref: 00F93A65
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCaretPos.USER32(?), ref: 00FC16FF
                                                                                                                                                                                                                                                                                                                                                                                                                  • ClientToScreen.USER32(00000000,?), ref: 00FC174C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 00FC1752
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eaac3cd5f3c66db447d64c0b11e089de4fce33e396c2a38ec1774a330176d5e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c81cc2dbdc9121c65e2ef24a6afc1ade7a166ade41c80ec209fe53d5728002a5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eaac3cd5f3c66db447d64c0b11e089de4fce33e396c2a38ec1774a330176d5e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9316FB5D00209AFCB04EFA9C981DAEBBF9EF49314B5080A9E415E7212D735DE45DFA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC8FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00FC9001
                                                                                                                                                                                                                                                                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00F87711,?,?,?,?,?), ref: 00FC9016
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00FC905E
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00F87711,?,?,?), ref: 00FC9094
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ec8b9c1d8a60871e04ae01a5d36c1ceff41918a6dbb61b24890c8a92ddd5717
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: da46561950884c40e9e33c2e754a0a8d6e17880cfdd9a247b78716adc36e45a0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ec8b9c1d8a60871e04ae01a5d36c1ceff41918a6dbb61b24890c8a92ddd5717
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4321A135A04018FFDB268FA4C95AFFA7BB9EF89360F044059F90547261C3759990FBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,00FCCB68), ref: 00F9D2FB
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F9D30A
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F9D319
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00FCCB68), ref: 00F9D376
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 97040ad723ebd0b6d1df70264071991255904af57961bbcc0e5cf465db70b37a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: df3759248d71d8651e3de0c0996159e0b962174c1ad243e89a264bb905beadce
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97040ad723ebd0b6d1df70264071991255904af57961bbcc0e5cf465db70b37a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F21A370908201DF9B00DF24C981CAA77E4EF95375F604A1DF499C32A1D731D946EB93
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F9102A
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F91036
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F91045
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F9104C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F91014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F91062
                                                                                                                                                                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00F915BE
                                                                                                                                                                                                                                                                                                                                                                                                                  • _memcmp.LIBVCRUNTIME ref: 00F915E1
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F91617
                                                                                                                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 00F9161E
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d1903b948c66c0b1005c146cb2111eef9e686bca703b2126e95ed651a1df688e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bc1e9651343886d12b2cced1c69e201e80e31b4ea2c2869d1f33eb5c388694b6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1903b948c66c0b1005c146cb2111eef9e686bca703b2126e95ed651a1df688e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D219D31E4010AEFEF10DFA5C945BEEB7B8FF44354F094469E445AB241E730AA05EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00FC280A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00FC2824
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00FC2832
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00FC2840
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 34bc10ec2f872d5f1926cb528b82e9764cef59bdbdaf211d9ff86f1a119c44b8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 90ae92ab2bbb8444204a605236d93b3d63febed4131398b61940ba9cb78cca3c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34bc10ec2f872d5f1926cb528b82e9764cef59bdbdaf211d9ff86f1a119c44b8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04212131204112AFD7549B24CD82FAA7B95EF85324F18810CF42A8B6E2CB75FC42DBD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F978F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F98D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00F9790A,?,000000FF,?,00F98754,00000000,?,0000001C,?,?), ref: 00F98D8C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F98D7D: lstrcpyW.KERNEL32(00000000,?,?,00F9790A,?,000000FF,?,00F98754,00000000,?,0000001C,?,?,00000000), ref: 00F98DB2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F98D7D: lstrcmpiW.KERNEL32(00000000,?,00F9790A,?,000000FF,?,00F98754,00000000,?,0000001C,?,?), ref: 00F98DE3
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00F98754,00000000,?,0000001C,?,?,00000000), ref: 00F97923
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,00F98754,00000000,?,0000001C,?,?,00000000), ref: 00F97949
                                                                                                                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000002,cdecl,?,00F98754,00000000,?,0000001C,?,?,00000000), ref: 00F97984
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 764b325f4f6fc93d6a6aa6150e0d1fba88a370c5611d53acbc40eafff23f8254
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e13d125cff2f83cdf12a088fd1d69fa4a3122f83991e28a52f1150d143969185
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 764b325f4f6fc93d6a6aa6150e0d1fba88a370c5611d53acbc40eafff23f8254
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8911E43A600305ABDF156F35DC45E7A77A5EF85390B10402AE906C7264EB319801E791
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00FC7D0B
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00FC7D2A
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00FC7D42
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00FAB7AD,00000000), ref: 00FC7D6B
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 295fcb37e195882e8fa669e50a33072c1c41f015a857531f4bb5b80e677a9ed1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a53be2344b31aa2d7f78641576fc39fdd5d3c63e610d7c18ee23b33130be92a0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 295fcb37e195882e8fa669e50a33072c1c41f015a857531f4bb5b80e677a9ed1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03118C32A0461AAFCB11AF28DD05FA63BA5AF45370F154728F83AD72E0D7319950EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001060,?,00000004), ref: 00FC56BB
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC56CD
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FC56D8
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00FC5816
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4301e5a4e433cdb4d53ad7624915f3e51e9b435dbd8b98dbd768a32db469c1bc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8c60a03d432a708cd8b4a1ad98ebe73b7198d40cbb72a1d0bc8aa6cc3799e551
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4301e5a4e433cdb4d53ad7624915f3e51e9b435dbd8b98dbd768a32db469c1bc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9211D571A0060A96DF20DB618E86FEE376CAF10B74B10406EF905D6081D774E6C4EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F61D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d6cda25d0104a94fe3750387de599d6a9e3fa222c81141eafd3dbba266dc7dc8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9c926f2455beb7f684b1754dfe9e0aa6b6c3b1a63d7bb371e58c5cf6df541965
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6cda25d0104a94fe3750387de599d6a9e3fa222c81141eafd3dbba266dc7dc8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4201D6B2A05A1A3EF62126786CC1F27762CEF817B8F380326F521522D2DB658C007170
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 00F91A47
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F91A59
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F91A6F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F91A8A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c95f1ae0b62abc97e428861f6881a217368176324097ae8309ec52497de6acfe
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5b26874d3c5382e2365daeaecf66708e7217bf2de0668d02d439aedbe5874252
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c95f1ae0b62abc97e428861f6881a217368176324097ae8309ec52497de6acfe
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF11F73AD01219FFEF119BA5CD85FADBB78FB08750F2000A1EA04B7290D6756E50EB94
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F9E1FD
                                                                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(?,?,?,?), ref: 00F9E230
                                                                                                                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00F9E246
                                                                                                                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00F9E24D
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 37d9a2322d1752aa4faca06535714c8d71d04dbca4bf3bf6fe426e3b1a74a177
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1921e3bad3547f460dbda3462876c3ce3b452763af2d3c0434ef616eea5ba6e2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37d9a2322d1752aa4faca06535714c8d71d04dbca4bf3bf6fe426e3b1a74a177
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08112672D04258BFDB11DFA8AC0AE9E7FACEB45320F148215F928E3281D6B5CD0497A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F5D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,?,00F5CFF9,00000000,00000004,00000000), ref: 00F5D218
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F5D224
                                                                                                                                                                                                                                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 00F5D22B
                                                                                                                                                                                                                                                                                                                                                                                                                  • ResumeThread.KERNEL32(00000000), ref: 00F5D249
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e543ae07f896ad487517e44655f8596fc7cd91413d29793d6ba16a916d5713fd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e88086efaff1f943ff6face9ff8ae7ec90e14cbe71837f784065366db93005c4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e543ae07f896ad487517e44655f8596fc7cd91413d29793d6ba16a916d5713fd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A201F9768066087BD7315BA5DC05FAE7A69DF81332F100259FE25921D0DB75C909F7E0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC9EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F49BB2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00FC9F31
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00FC9F3B
                                                                                                                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00FC9F46
                                                                                                                                                                                                                                                                                                                                                                                                                  • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00FC9F7A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 807a31659244b3d523127e8e04aafbda2f249ef1444096f0afa1c2d3614a3ff9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8b8e8524542221f470c02f9840c8587ae4f7304e5a95da9b74b65fa5a59deff6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 807a31659244b3d523127e8e04aafbda2f249ef1444096f0afa1c2d3614a3ff9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D711183290411AEBDB11DF68DA8AEEE77B9FB45311F000459F911E3140D775BA81EBA1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F3604C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 00F36060
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F3606A
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 02f35ae8e1257679a0184536f9dff1ab0e26630b06375459997c9135c8245870
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3d0c240a2a2bfcd2c35ad5f9558606803bbad6230347ea99749be680023897f3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02f35ae8e1257679a0184536f9dff1ab0e26630b06375459997c9135c8245870
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C116DB2501508BFEF164FA49D46EEABB69EF093B4F044216FA1892110D736DC60FBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F53B3C Relevance: 6.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 00F53B56
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F53AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00F53AD2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F53AA3: ___AdjustPointer.LIBCMT ref: 00F53AED
                                                                                                                                                                                                                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 00F53B6B
                                                                                                                                                                                                                                                                                                                                                                                                                  • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00F53B7C
                                                                                                                                                                                                                                                                                                                                                                                                                  • CallCatchBlock.LIBVCRUNTIME ref: 00F53BA4
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0c88a69af704ad1c8f587265d49967e995174b32f1cfcedfa479e9d3c69af7bc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6012932500148BBDF125E99CC42EEB3B69EF887A9F044014FF4896121C736E965EBA0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F63073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00F313C6,00000000,00000000,?,00F6301A,00F313C6,00000000,00000000,00000000,?,00F6328B,00000006,FlsSetValue), ref: 00F630A5
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00F6301A,00F313C6,00000000,00000000,00000000,?,00F6328B,00000006,FlsSetValue,00FD2290,FlsSetValue,00000000,00000364,?,00F62E46), ref: 00F630B1
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00F6301A,00F313C6,00000000,00000000,00000000,?,00F6328B,00000006,FlsSetValue,00FD2290,FlsSetValue,00000000), ref: 00F630BF
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 14e61367aea5ce794db5bc23aff2e5a84b8ebd65705f29ca6036771b69a4475f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bf14876d1139bb4fa61cf9e37d8b4c7e771b245d9707dfa6b38a28994ea76be0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14e61367aea5ce794db5bc23aff2e5a84b8ebd65705f29ca6036771b69a4475f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3101F732701226BBCB314B79AC45E677B98EF45BB9B100720F909E3140C721D909E6E0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F97464 Relevance: 6.1, APIs: 4, Instructions: 51registryCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00F9747F
                                                                                                                                                                                                                                                                                                                                                                                                                  • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00F97497
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00F974AC
                                                                                                                                                                                                                                                                                                                                                                                                                  • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00F974CA
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 120ac3b9d499ae46067795d1c0a6b4050c884f0d13dfc1d7a682a2dd8fd85c23
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 218c2d95ff1a4f2a4597e9fcdf24f7476090667effa338d39bdc6cb4327dbbf3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 120ac3b9d499ae46067795d1c0a6b4050c884f0d13dfc1d7a682a2dd8fd85c23
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE117CB1615314DBFB20DF19DD09F927BB8EB00B00F108569E61AD7192D770E904AB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F9ACD3,?,00008000), ref: 00F9B0C4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F9ACD3,?,00008000), ref: 00F9B0E9
                                                                                                                                                                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F9ACD3,?,00008000), ref: 00F9B0F3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F9ACD3,?,00008000), ref: 00F9B126
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bb53a9da0ab159c19e107a50e9bf73054b1c5af7597a3e5445d04957fa461273
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9fe8d4fdb16d49c5076d3f6a9e7d471c27c3a49995ee0732e7db330947261856
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb53a9da0ab159c19e107a50e9bf73054b1c5af7597a3e5445d04957fa461273
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0115B31C0162CE7DF00AFE5EA69AEEBF78FF49711F114095D941B3181CB305690AB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F92DA7 Relevance: 6.0, APIs: 4, Instructions: 34threadwindowtimeCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F92DC5
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 00F92DD6
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00F92DDD
                                                                                                                                                                                                                                                                                                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F92DE4
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 44e4dbd15b1b616dd9f7fb305a2cb2d33b23498a9e6252eeb57a4e60a5161bc9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 144dee92e64faa8a6624549b5f151be75f179b1a7d99048983155b2a260a818c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44e4dbd15b1b616dd9f7fb305a2cb2d33b23498a9e6252eeb57a4e60a5161bc9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CE065715012287AEB2017639D0EFE73E5CEF42B61F000015F109D20409AA18445F6F0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F49693
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: SelectObject.GDI32(?,00000000), ref: 00F496A2
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: BeginPath.GDI32(?), ref: 00F496B9
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F49639: SelectObject.GDI32(?,00000000), ref: 00F496E2
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00FC8887
                                                                                                                                                                                                                                                                                                                                                                                                                  • LineTo.GDI32(?,?,?), ref: 00FC8894
                                                                                                                                                                                                                                                                                                                                                                                                                  • EndPath.GDI32(?), ref: 00FC88A4
                                                                                                                                                                                                                                                                                                                                                                                                                  • StrokePath.GDI32(?), ref: 00FC88B2
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 95405e36052e4e5ad9e37b7c1c0df9d0fc9e25b668cc719f878a003f69f3baf9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9b63ccc69464b041c584f1f44f85084b2d9998bae0e21f412e6f42e7b647afa8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95405e36052e4e5ad9e37b7c1c0df9d0fc9e25b668cc719f878a003f69f3baf9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AF05E36045259FADB225F94AD0AFDE3F59AF06310F048004FA55A60E1C7B95511EFE5
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F498B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000008), ref: 00F498CC
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00F498D6
                                                                                                                                                                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 00F498E9
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(00000005), ref: 00F498F1
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 96552f8f42157becf96a02fbaa393c25dfad74ce8a45c905fd37aa6f158082d6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5c1c4ceddffb8e5fd02ad80ee2e231ab27fad2f1d231e62b30bd7e67d193f91e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96552f8f42157becf96a02fbaa393c25dfad74ce8a45c905fd37aa6f158082d6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0E06531644284AEDB216B75BD0AFD93F10AB51735F188219F6FD590E1C3718640BB10
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F9162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00F91634
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenThreadToken.ADVAPI32(00000000,?,?,?,00F911D9), ref: 00F9163B
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00F911D9), ref: 00F91648
                                                                                                                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,00F911D9), ref: 00F9164F
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bca393a582915906600dd5a68e5298d5218136badb4826c3382f8c126f5301ba
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fe12c3bd0f2ca3a3df0fe1b138b698db01c2aa7ecb957ea13cd944e2b6fa2322
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bca393a582915906600dd5a68e5298d5218136badb4826c3382f8c126f5301ba
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBE08671E41215DBEB201FA0AF0EF863B7CBF847A1F184818F249CA080D6358441E790
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00F8D858
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00F8D862
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F8D882
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?), ref: 00F8D8A3
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 674cf15e36a41e750dc82351f9c6450270ee939679fdbaa66f429d474ec3ba35
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 76a214a5b8b12438c8e0a5f1706fcfd5792bfbbde9d2bf25199ea6c5332c53dd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 674cf15e36a41e750dc82351f9c6450270ee939679fdbaa66f429d474ec3ba35
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1EE09AB5840209DFCB41AFA4DA0DA6DBBB5FB48311F148459E84EE7250C7399942BF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F8D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00F8D86C
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00F8D876
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F8D882
                                                                                                                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?), ref: 00F8D8A3
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a7a1b9e512ac22d0ca4b0a8023fe0e2fc676f5e90cf111d13c9f0095ab054513
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1162f6728b65c86691595b0d65a79818ae836713465b2b0507efc878af7135cc
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7a1b9e512ac22d0ca4b0a8023fe0e2fc676f5e90cf111d13c9f0095ab054513
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCE092B5C00208EFCB51AFA4DA0DA6DBBB5BB48311F148449E94EE7250CB399902BF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F3BBE0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 232COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __Init_thread_footer.LIBCMT ref: 00F3BEB3
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: D%$D%
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1385522511-485025506
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3738c92ba9d45e618168756cf39bff34c91476b95b40f9e89446452b06fb443b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2e8cdb7c856792cddef04331c4262e98887227b240044b8142f20c7b13a7833d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3738c92ba9d45e618168756cf39bff34c91476b95b40f9e89446452b06fb443b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1911B75E00206DFCB28CF59C0A16A9B7F1FF58325F24416EDA85AB351D731E981EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F37620: _wcslen.LIBCMT ref: 00F37625
                                                                                                                                                                                                                                                                                                                                                                                                                  • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00FA4ED4
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 69123e5c372cdaa55ee9dd94c050787618259e8b134bf264ccc8ec4e6bd2a578
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 11a1675128611ebb7451a58e27779045c30c2c71d7ce061ed7b57ee7681c0533
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69123e5c372cdaa55ee9dd94c050787618259e8b134bf264ccc8ec4e6bd2a578
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 409161B5A00204DFCB14DF58C485EAABBF1BF85314F198099E80A9F3A2C775ED85DB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F5E27D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 00F5E30D
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: pow
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 023a1bf50456337be355d760fd0149bb4c13f172e2e70535d91bca03659d9005
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d9bc7823350ded7b9a10e338e7994d098e8451abdb5872f95de85bef107a9db
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 023a1bf50456337be355d760fd0149bb4c13f172e2e70535d91bca03659d9005
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3518E61E0C30196CB197724CD0137A7F94AB60766F304D99E8D5422EDEB358DCDBB86
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4E187 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 184COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f3e5af226cf4744c9ab6cd4a4d3835e92b1ac4f052f4ae7ea07c1a292d5f91e9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b01389cc9061adf678ca0a7a0d2c8c4b74af5ce210c5fa4434a6d370a628fe42
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3e5af226cf4744c9ab6cd4a4d3835e92b1ac4f052f4ae7ea07c1a292d5f91e9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C51F235E04246DFDB15EF28C8816FE7BA8FF55320F244055ECA19B290D7789E42EB90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F4F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00F4F2A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?), ref: 00F4F2BB
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9bc0238f8b4b1e576644f9e1fb9be883e4f1d92a634d6e1db54c38277f40d65d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9d882b8d41fcdfa7a3181e5d1932858686253ff690acd0059ad2a47548e15605
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bc0238f8b4b1e576644f9e1fb9be883e4f1d92a634d6e1db54c38277f40d65d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B95137B140C7489BD320AF11DC86BAFBBF8FB84310F81885DF2D952195EB748529DB66
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB5745 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00FB57E0
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FB57EC
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: db8a2c19d4f4b9bd7ee96b211e70a335dcc198fb68e3efccd2ceb4c9288626a7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3dc8b9b62c3fb12eed21150cdf7ad36c66e92bbe5f23d8a3675c98f87961abe0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db8a2c19d4f4b9bd7ee96b211e70a335dcc198fb68e3efccd2ceb4c9288626a7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3419F31E002099FCB14DFAAC882AEEBBB5EF59724F144029E505A7251E778DD81EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FAD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00FAD130
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00FAD13A
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: |
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f0b2c2aea5d41ad610cb2ebcc6b8f947a6f40f55f3303617beefbfe8ba816bab
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3c3e24b0e313a9c1e000d4691af83ae882838879d596ca375fcbaa8b9e5a803f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0b2c2aea5d41ad610cb2ebcc6b8f947a6f40f55f3303617beefbfe8ba816bab
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97313E71D00109EBDF15EFA4CC85AEE7FB9FF05310F104019F815A6161D735AA46EB64
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC356C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(?,?,?,?), ref: 00FC3621
                                                                                                                                                                                                                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00FC365C
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e2fa6d4dc0f2ddd3037a41476570ff1f58b4449d553257c94c457f374668d50a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 46ca52c30f9570053b24cda39dde9094edb9ffdc4d396e4e760663fc571b7610
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2fa6d4dc0f2ddd3037a41476570ff1f58b4449d553257c94c457f374668d50a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C318171510205AADB10DF68DC42FFB73A9FF88760F00961DF99597280DA35AD81EB60
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC4537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00FC461F
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00FC4634
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: '
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 324617a1965e0b82d2be3681b3fc854bdd4fd450c0dda0cc8d465c66b9bf87fe
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 04f453ed61a9012287b9bdcc55f16a289f42a13e948bd65ad1ac080fcd153758
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 324617a1965e0b82d2be3681b3fc854bdd4fd450c0dda0cc8d465c66b9bf87fe
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF313975A0020A9FDB14CF69CA91FDABBB5FF49310F14446AE904AB385D770A941EF90
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00FC327C
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FC3287
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dc7d7178ff97b112af1062aa60839d8961a44e29976a54a82e3781722ab77d2e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4bb80e7008905cd6f0f185c6a15de268f17b467753a9be9f46b4d57226114778
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc7d7178ff97b112af1062aa60839d8961a44e29976a54a82e3781722ab77d2e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A811E27170020A7FEF219E54DD82FFB376AEB943B4F108128F91897290D631DD51A760
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC3710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F3604C
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3600E: GetStockObject.GDI32(00000011), ref: 00F36060
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F3600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F3606A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00FC377A
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 00FC3794
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: static
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1b4ed17c5977778253c9847517f4f4d82e76bf56a07dcb303d6501dae21fe7b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 01ebc738c8433eca1ebe2cf1e88fe83e12f8cc202819dc8302e5fbe443551ee9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b4ed17c5977778253c9847517f4f4d82e76bf56a07dcb303d6501dae21fe7b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B1129B261020AAFDB01DFA8CD46EEA7BB8EF08354F004918F955E3250D735E951AB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FACD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00FACD7D
                                                                                                                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00FACDA6
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1efb0971847ed22c4c3ef3e778e2f9957dd375969a73a2059a4a0a5b2b057621
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d9033af4d6d3a068badd62f66f0eda61cdae57e31349da8564ea043a804d582b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1efb0971847ed22c4c3ef3e778e2f9957dd375969a73a2059a4a0a5b2b057621
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8411A3B26156367AD7244B668C45FE7BE6CEF137B4F004226F12983180D7609840E6F0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetWindowTextLengthW.USER32(00000000), ref: 00FC34AB
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00FC34BA
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0ebcd1a0647b91604b7dbbdb0a63db337530fa9ef2efa46dfb82da7d6a0d713f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3e72d1efa666c4e6ac74ba070b69db7176abe74a72a9df096bbf22fa3de285b2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ebcd1a0647b91604b7dbbdb0a63db337530fa9ef2efa46dfb82da7d6a0d713f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F11BF7150010AABEB168F64DE42FEB376AEB053B4F508328F964931D4C736DD51BB50
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F96C86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                  • CharUpperBuffW.USER32(?,?,?), ref: 00F96CB6
                                                                                                                                                                                                                                                                                                                                                                                                                  • _wcslen.LIBCMT ref: 00F96CC2
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7037d3262c2765224f4b3c141a971d56b61d883d949c79d045520ee352b5c99c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 40d850fc4dd9e01afce3b2102aa4ac832e267dab023be549c44c86cd99108c35
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7037d3262c2765224f4b3c141a971d56b61d883d949c79d045520ee352b5c99c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95010432A045278ADF219FBDDC819BF37A4EE60720B000525F862D3190EA75E840E650
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F93CCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00F91D4C
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ace332fe397bd5fc68e2fcc80f3b7d09884bf3a1cfce263f8df272968cf13764
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b3a8068ee0d18b4b04a8bb5850bda1e2aefa452bcf7da58f7c97388acd5997b4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ace332fe397bd5fc68e2fcc80f3b7d09884bf3a1cfce263f8df272968cf13764
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB012831E04219AB9F08EBA0CD11DFE73A8FF423A0F00051AF922573D1EAB45908F660
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F93CCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000180,00000000,?), ref: 00F91C46
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d22880e4433ba87f5eab090a903db8bd02279c2b7da883cd020772b1280a807e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 455b3196ffa1e9e4dda661e818fbe137dfd2925e5240b3dc813e3d95be3543c8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d22880e4433ba87f5eab090a903db8bd02279c2b7da883cd020772b1280a807e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0701F771A8810966EF04EB90CE52EFF77A8AF51350F100029B90663281EAA59E08F6B1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F93CCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000182,?,00000000), ref: 00F91CC8
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a546058634786fc42cd2f0f6d160e090df38f67543e6b43c2d1a330d3b465847
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: efd387868d3981526ff41e826e1f807a56a92cf20bcde10fc1b08d2af3da6922
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a546058634786fc42cd2f0f6d160e090df38f67543e6b43c2d1a330d3b465847
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B601A775B4411966DF04E790CE01AFE77A8AF11350F540025B90573281EAA49F08F671
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F91D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F39CB3: _wcslen.LIBCMT ref: 00F39CBD
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F93CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F93CCA
                                                                                                                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00F91DD3
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f4b579fabfa515b30d32df19aef31b0cab2f032b20b8ef0c2b72c2a1a47c28ba
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 965e39a0fb02353086f94202bf488538f1ce6cb4876726f328dcf4cc98abb5dd
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4b579fabfa515b30d32df19aef31b0cab2f032b20b8ef0c2b72c2a1a47c28ba
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FF0F471A4421966EF04E7A4CD52FFE77A8BF41360F040926B922A32C1DAE4990CA2A0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FB747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2371fb37b72f348a23aceaa28538e4b891f1b6702e596a54f3188ea55ef53470
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a88b14117881bc444a12f04ff2ceaedf2d26917dce0a07c57a68b0c9a7af1d1c
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2371fb37b72f348a23aceaa28538e4b891f1b6702e596a54f3188ea55ef53470
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EE02B06A04320E09331327BDCC29BF7689CFC5762710182BFE81C2266EA98DDD1B3A1
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F90B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00F90B23
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 206959478e0228f277efdd99f17dd69ba3a534f1b499c2a05a487595e999d358
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3bffe48aaabe928ba1d8c17a70365d6a4517bac35ffc52aa5ede24b31d18bf3f
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 206959478e0228f277efdd99f17dd69ba3a534f1b499c2a05a487595e999d358
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DEE0D8312443083AD21437547D03FC97E848F05F21F10042AFB9C959C38EE6649036E9
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F50D42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F4F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00F50D71,?,?,?,00F3100A), ref: 00F4F7CE
                                                                                                                                                                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,00F3100A), ref: 00F50D75
                                                                                                                                                                                                                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00F3100A), ref: 00F50D84
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00F50D7F
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8e258f0e16443c7adc37d65c1d7d48f0d40a7357dd90576b763490de58492a6a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d8f19f91606a04279657718a7caebcbbbb70cdfd4c7b74361df04726444c09b9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e258f0e16443c7adc37d65c1d7d48f0d40a7357dd90576b763490de58492a6a
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42E06D702003418BD3309FB8DA05B82BBF0AF00741F00892DE986C7656DFB9E44CAB91
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FA3017 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00FA302F
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00FA3044
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: aut
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 86ab9fcdbfd95065f24c0c177adc42a6765273236df75a6d7e307cc73427dc52
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5fd49ccb54fad145c54ea93e5c068728c20152ae94c8e4b4b43d6195310f80f3
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86ab9fcdbfd95065f24c0c177adc42a6765273236df75a6d7e307cc73427dc52
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FDD05E7250032C67DA20E7A4AD0EFDB3A6CDB04750F0002A1B659E30A1DAB4D984CAD0
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00FC236C
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000), ref: 00FC2373
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9E97B: Sleep.KERNEL32 ref: 00F9E9F3
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d36e5f4308706b78bd04952f7c117eb85cb11b37e714b41edef8bf9b1f795c7d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c2a51021c431737ce0207b6e84e449734411e9f03029dcceb887d7b07198b14b
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d36e5f4308706b78bd04952f7c117eb85cb11b37e714b41edef8bf9b1f795c7d
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43D0C9327813147AE664B7719E0FFC676149B04B14F004916B74AEA1E0C9A4A801AA94
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00FC2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00FC232C
                                                                                                                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00FC233F
                                                                                                                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00F9E97B: Sleep.KERNEL32 ref: 00F9E9F3
                                                                                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a554b6024434706ca2263bc42d792f5577a182be18f556ab2016d4484aeff892
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f9bbeba68b68980550c66e8ee35171ead03d99d67503762cc617969e5b009a5e
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a554b6024434706ca2263bc42d792f5577a182be18f556ab2016d4484aeff892
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDD0C936794314B6E664B7719E0FFD67A149B00B14F004916B74AEA1E0C9A4A801AA94
                                                                                                                                                                                                                                                                                                                                                                                                                  Function 00F6BDFD Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
                                                                                                                                                                                                                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00F6BE93
                                                                                                                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F6BEA1
                                                                                                                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F6BEFC
                                                                                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1390561064.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390440075.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FCC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390771032.0000000000FF2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1390937142.0000000000FFC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1391029983.0000000001004000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f30000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                  • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: aa605880860a04613c2cb0492c8aa5807a3ea2aa1d593daab5a73f34587878ed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c61bfd96316b9ab7ee47d7bccf754ee254a42abc415ce1a205446e4adc5a56ad
                                                                                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa605880860a04613c2cb0492c8aa5807a3ea2aa1d593daab5a73f34587878ed
                                                                                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17410635A04206AFCF218FA5CC44BBA7BA5EF51320F144169F959DB1B1DB318C85FB60